9e544c53dffc7c410220f17bc3a9f96f83f98a2bcdaa882183408d5194bf6a9e | Triage

Sharing

General

Target

9e544c53dffc7c410220f17bc3a9f96f83f98a2bcdaa882183408d5194bf6a9e.vbs
Size

23KB
Sample

240312-dgwnmsed5x
MD5

d6695915f760321b845a2816f656e663
SHA1

4b7059d4d43e11a86c3df728f362f4c8446dfc42
SHA256

9e544c53dffc7c410220f17bc3a9f96f83f98a2bcdaa882183408d5194bf6a9e
SHA512

b5b9f34a1ecbfdc744564699b5588412296aac865de1439e9357af17c7ff64c0ddcd960bfb3adcafd014a052f077535c419d2a96e25d90552951a5152c89c724
SSDEEP

384:jrgkau2izS+8ScLLSYxmdIPEwOcFtGiuMcXx5qeBmkgQvZTygL4fKnqvWpsToSFH:jrgkau2iu+8ScLLSYxwIPEwOcFtGiuM1

Score

8^/10

Malware Config

Targets

- Target
  
  9e544c53dffc7c410220f17bc3a9f96f83f98a2bcdaa882183408d5194bf6a9e.vbs
- Size
  
  23KB
- MD5
  
  d6695915f760321b845a2816f656e663
- SHA1
  
  4b7059d4d43e11a86c3df728f362f4c8446dfc42
- SHA256
  
  9e544c53dffc7c410220f17bc3a9f96f83f98a2bcdaa882183408d5194bf6a9e
- SHA512
  
  b5b9f34a1ecbfdc744564699b5588412296aac865de1439e9357af17c7ff64c0ddcd960bfb3adcafd014a052f077535c419d2a96e25d90552951a5152c89c724
- SSDEEP
  
  384:jrgkau2izS+8ScLLSYxmdIPEwOcFtGiuMcXx5qeBmkgQvZTygL4fKnqvWpsToSFH:jrgkau2iu+8ScLLSYxwIPEwOcFtGiuM1
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2