875354779fb810fdab20845476e3e312f030edf58dcc043b2ea8ac566d95fd9b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

875354779fb810fdab20845476e3e312f030edf58dcc043b2ea8ac566d95fd9b.vbs
Size

107KB
Sample

240418-b1xnyagg2w
MD5

dc730ce99454b09b0cdb56ad864393a1
SHA1

221a2f95154e2bce9723c5f19d6136984549f745
SHA256

875354779fb810fdab20845476e3e312f030edf58dcc043b2ea8ac566d95fd9b
SHA512

a4b57b5279c02c6d19f194aa7eb4eb340d56a9d81a465e6f10b4a066b22cec15e161456c74bf05b895667b9b172c2dbe92c7033acb360203eee14361529ee903
SSDEEP

1536:/2ng9U1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:/DU1DHFUGmgURDFBe0tKl9CP4

Score

8^/10

Malware Config

Targets

- Target
  
  875354779fb810fdab20845476e3e312f030edf58dcc043b2ea8ac566d95fd9b.vbs
- Size
  
  107KB
- MD5
  
  dc730ce99454b09b0cdb56ad864393a1
- SHA1
  
  221a2f95154e2bce9723c5f19d6136984549f745
- SHA256
  
  875354779fb810fdab20845476e3e312f030edf58dcc043b2ea8ac566d95fd9b
- SHA512
  
  a4b57b5279c02c6d19f194aa7eb4eb340d56a9d81a465e6f10b4a066b22cec15e161456c74bf05b895667b9b172c2dbe92c7033acb360203eee14361529ee903
- SSDEEP
  
  1536:/2ng9U1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:/DU1DHFUGmgURDFBe0tKl9CP4
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2