5c5681a93c0ef3004c662242ec586415d9c9cd13138c8958e3c4bd99e2e6ff41 | Triage

Sharing

General

Target

66432890.vbs
Size

2KB
Sample

240212-jv1gmsab63
MD5

c3d455321c187a2df2aed12dbc87ce9c
SHA1

eb84d2cfa012f031ac9f50b8685b23ebd69f1268
SHA256

5c5681a93c0ef3004c662242ec586415d9c9cd13138c8958e3c4bd99e2e6ff41
SHA512

9a36cc77aa6413c18c69053ad30b7332ed8dfd2d80b6dafddd7df1a074bd50b6695859c4d3951f944c5a22b6302f0ed2f131c357495d04be130f6a5a448b1215

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  66432890.vbs
- Size
  
  2KB
- MD5
  
  c3d455321c187a2df2aed12dbc87ce9c
- SHA1
  
  eb84d2cfa012f031ac9f50b8685b23ebd69f1268
- SHA256
  
  5c5681a93c0ef3004c662242ec586415d9c9cd13138c8958e3c4bd99e2e6ff41
- SHA512
  
  9a36cc77aa6413c18c69053ad30b7332ed8dfd2d80b6dafddd7df1a074bd50b6695859c4d3951f944c5a22b6302f0ed2f131c357495d04be130f6a5a448b1215
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2