General
-
Target
DRAFT BILL OF LADING.PDF.vbs
-
Size
27KB
-
Sample
240319-c933rafe33
-
MD5
8ce482c332e9ec80d47c64edc65b6a70
-
SHA1
c4ceaf9bf0791068f650f28674f09ac345bdc3cd
-
SHA256
1562364a3048ef8e00720e3bc0c6588ed7a4d8f560c5bdafa5b19503e159a8a8
-
SHA512
3471397b056c668363b309fa26374a849e02b3a191a0f4a1ac33f723e8358fda9911faadd9927f65f424e974a3ab6f2c88406bb4880ce88155ab172465126886
-
SSDEEP
768:4OMHs3w3rf5xGsmKQblBW2MQK/fFXSiP10E:403w3rDTpQZjOSiPD
Malware Config
Targets
-
-
Target
DRAFT BILL OF LADING.PDF.vbs
-
Size
27KB
-
MD5
8ce482c332e9ec80d47c64edc65b6a70
-
SHA1
c4ceaf9bf0791068f650f28674f09ac345bdc3cd
-
SHA256
1562364a3048ef8e00720e3bc0c6588ed7a4d8f560c5bdafa5b19503e159a8a8
-
SHA512
3471397b056c668363b309fa26374a849e02b3a191a0f4a1ac33f723e8358fda9911faadd9927f65f424e974a3ab6f2c88406bb4880ce88155ab172465126886
-
SSDEEP
768:4OMHs3w3rf5xGsmKQblBW2MQK/fFXSiP10E:403w3rDTpQZjOSiPD
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-