487900466cf9a708a96f2bac15da523c6864b88ffb0090b6b58d114b141d8e86 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FACTURA_325.vbs
Size

210KB
Sample

240418-lwqpyaah81
MD5

4dd365afd7e8492402b7085ddc4bd66b
SHA1

2abc1ea2974a94af2baae30e6b37e0112e518b93
SHA256

487900466cf9a708a96f2bac15da523c6864b88ffb0090b6b58d114b141d8e86
SHA512

bdadf6d6ea9d9df61dd8440276820788e2a60c0ecf4019968ca80f88584a6230dec5bb5d450f1ef3ebb9feed75a65c64b7434297c815005b64b1c29eab6545f3
SSDEEP

6144:dYBgIjQvrMbWSR4WHUJJs9E87Fy4lZrUChpqKmjum4QlNVrDjXR46cCPCRJfSq7f:m2dO177Oc

Score

8^/10

Malware Config

Targets

- Target
  
  FACTURA_325.vbs
- Size
  
  210KB
- MD5
  
  4dd365afd7e8492402b7085ddc4bd66b
- SHA1
  
  2abc1ea2974a94af2baae30e6b37e0112e518b93
- SHA256
  
  487900466cf9a708a96f2bac15da523c6864b88ffb0090b6b58d114b141d8e86
- SHA512
  
  bdadf6d6ea9d9df61dd8440276820788e2a60c0ecf4019968ca80f88584a6230dec5bb5d450f1ef3ebb9feed75a65c64b7434297c815005b64b1c29eab6545f3
- SSDEEP
  
  6144:dYBgIjQvrMbWSR4WHUJJs9E87Fy4lZrUChpqKmjum4QlNVrDjXR46cCPCRJfSq7f:m2dO177Oc
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2