de60c5633d4704caac39da20ffe91dc4065777b91cab6bef8994c994a164b2c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de60c5633d4704caac39da20ffe91dc4065777b91cab6bef8994c994a164b2c9.vbs
Size

1KB
Sample

231126-qrybfahf4z
MD5

f53852366508939495a696b0af3f1459
SHA1

f35d44f28270df5c9b060d91433bf64c83b7deb5
SHA256

de60c5633d4704caac39da20ffe91dc4065777b91cab6bef8994c994a164b2c9
SHA512

38ee5984eb8872c4b9a0c41c261b1c5d4721bfff80be579a61e7281318cf2df5d715004b9041c1b123e799ca784def75e0d8a3eaad04c1f0746039efef160c8b

Score

8^/10

Malware Config

Targets

- Target
  
  de60c5633d4704caac39da20ffe91dc4065777b91cab6bef8994c994a164b2c9.vbs
- Size
  
  1KB
- MD5
  
  f53852366508939495a696b0af3f1459
- SHA1
  
  f35d44f28270df5c9b060d91433bf64c83b7deb5
- SHA256
  
  de60c5633d4704caac39da20ffe91dc4065777b91cab6bef8994c994a164b2c9
- SHA512
  
  38ee5984eb8872c4b9a0c41c261b1c5d4721bfff80be579a61e7281318cf2df5d715004b9041c1b123e799ca784def75e0d8a3eaad04c1f0746039efef160c8b
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2