Overview

overview

8

Static

static

1

176c5002a8...b1.vbs

windows7-x64

8

176c5002a8...b1.vbs

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    176c5002a81808675e9bc0fd08d7c3b1

  • Size

    720B

  • Sample

    231230-nwdrgsadhk

  • MD5

    176c5002a81808675e9bc0fd08d7c3b1

  • SHA1

    69d3ad714b0d71da5aad430ce3a25b8e590a1785

  • SHA256

    1ee99a2d1ec0eb38fc56473f1edd0ee266538bdf23e1e515c876c5444626d138

  • SHA512

    6981301a3732b6bcaa3d55b425933f6dc582ce02770b750583fe21ad43b211c3bf51f81588bb7b44d0961d86fea8c22027a82189ab0893acda9a679d5d2c3396

Score
8/10

Malware Config

Targets

    • Target

      176c5002a81808675e9bc0fd08d7c3b1

    • Size

      720B

    • MD5

      176c5002a81808675e9bc0fd08d7c3b1

    • SHA1

      69d3ad714b0d71da5aad430ce3a25b8e590a1785

    • SHA256

      1ee99a2d1ec0eb38fc56473f1edd0ee266538bdf23e1e515c876c5444626d138

    • SHA512

      6981301a3732b6bcaa3d55b425933f6dc582ce02770b750583fe21ad43b211c3bf51f81588bb7b44d0961d86fea8c22027a82189ab0893acda9a679d5d2c3396

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks