be6861141aae063bbfe9ff385fdedcbb383b07cbacc2c61bb558a46e0f06bb58 | Triage

Sharing

General

Target

be6861141aae063bbfe9ff385fdedcbb383b07cbacc2c61bb558a46e0f06bb58.vbs
Size

361KB
Sample

240417-ckjmtacc9y
MD5

ae55f99323808b2185d1b56d56f6305b
SHA1

d043a31f2a1c72cccc49f932f4c41abec7bf003d
SHA256

be6861141aae063bbfe9ff385fdedcbb383b07cbacc2c61bb558a46e0f06bb58
SHA512

21c6b411b4c14c9d02e58494a47a21aadd61f8ca370f4d90a58c9d4049204e1501d4d94913ed61d69489bb5339e3f11a399b93b987a28046fd3fde74c72447ec
SSDEEP

6144:xwKLaVfs2VTA05zBWJKJqDv9WlmDg6bMiaNb3rczF9V4I5Btg/zRoFTC4vSUUkPe:u7InOiRxIl5x

Score

8^/10

Malware Config

Targets

- Target
  
  be6861141aae063bbfe9ff385fdedcbb383b07cbacc2c61bb558a46e0f06bb58.vbs
- Size
  
  361KB
- MD5
  
  ae55f99323808b2185d1b56d56f6305b
- SHA1
  
  d043a31f2a1c72cccc49f932f4c41abec7bf003d
- SHA256
  
  be6861141aae063bbfe9ff385fdedcbb383b07cbacc2c61bb558a46e0f06bb58
- SHA512
  
  21c6b411b4c14c9d02e58494a47a21aadd61f8ca370f4d90a58c9d4049204e1501d4d94913ed61d69489bb5339e3f11a399b93b987a28046fd3fde74c72447ec
- SSDEEP
  
  6144:xwKLaVfs2VTA05zBWJKJqDv9WlmDg6bMiaNb3rczF9V4I5Btg/zRoFTC4vSUUkPe:u7InOiRxIl5x
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2