fd1b3ed805346ee23f9956377c3544546550d86718543b03ec7496ad89f3558c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd1b3ed805346ee23f9956377c3544546550d86718543b03ec7496ad89f3558c.vbs
Size

275KB
Sample

240329-dgtjaage55
MD5

b478df5fcb26b5f6be934fa417dff56c
SHA1

f10f47328523372fe2097c2450bca6b632412301
SHA256

fd1b3ed805346ee23f9956377c3544546550d86718543b03ec7496ad89f3558c
SHA512

63c03d130efa713c7abd96538ead20e28e2ef11cd49de5dd8a4ac286276962cdbdfbc1da9999c771d8542377ed44617ac143c599bbb79c2de008fc578fd82ee0
SSDEEP

6144:2LkLMX7IYSHPDvPKbhikkFnEbzM/PDiXJfljw91aVX/e+B97TpgxZFMwgwxYRsnV:2oth32KSs

Score

8^/10

Malware Config

Targets

- Target
  
  fd1b3ed805346ee23f9956377c3544546550d86718543b03ec7496ad89f3558c.vbs
- Size
  
  275KB
- MD5
  
  b478df5fcb26b5f6be934fa417dff56c
- SHA1
  
  f10f47328523372fe2097c2450bca6b632412301
- SHA256
  
  fd1b3ed805346ee23f9956377c3544546550d86718543b03ec7496ad89f3558c
- SHA512
  
  63c03d130efa713c7abd96538ead20e28e2ef11cd49de5dd8a4ac286276962cdbdfbc1da9999c771d8542377ed44617ac143c599bbb79c2de008fc578fd82ee0
- SSDEEP
  
  6144:2LkLMX7IYSHPDvPKbhikkFnEbzM/PDiXJfljw91aVX/e+B97TpgxZFMwgwxYRsnV:2oth32KSs
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2