24220410bffece94d6ad483d61e540ee6b0fcc2d9be690d3b03d4b2b37ba07cb | Triage

Sharing

General

Target

24220410bffece94d6ad483d61e540ee6b0fcc2d9be690d3b03d4b2b37ba07cb.vbs
Size

8KB
Sample

240424-bhn9vadd8t
MD5

78a3e500aa75424e4494cc24d8d2b1f3
SHA1

99b288b4dc02152cedcedd4f40752d55696f8eb1
SHA256

24220410bffece94d6ad483d61e540ee6b0fcc2d9be690d3b03d4b2b37ba07cb
SHA512

e23f3d60b1e12665363c75682244c6d30d23695ae838bdff138c840ee376e52f5aff168b29f88d645f17c2eb601c4fe485d0f1222f68b56891f98d5c41c5bf28
SSDEEP

192:s1dltIbgm2ZXmtIjR0RvYxI+MSA/T5deSIMU6O:ulKbgm2WIjRsYK+gbNIIO

Score

8^/10

Malware Config

Targets

- Target
  
  24220410bffece94d6ad483d61e540ee6b0fcc2d9be690d3b03d4b2b37ba07cb.vbs
- Size
  
  8KB
- MD5
  
  78a3e500aa75424e4494cc24d8d2b1f3
- SHA1
  
  99b288b4dc02152cedcedd4f40752d55696f8eb1
- SHA256
  
  24220410bffece94d6ad483d61e540ee6b0fcc2d9be690d3b03d4b2b37ba07cb
- SHA512
  
  e23f3d60b1e12665363c75682244c6d30d23695ae838bdff138c840ee376e52f5aff168b29f88d645f17c2eb601c4fe485d0f1222f68b56891f98d5c41c5bf28
- SSDEEP
  
  192:s1dltIbgm2ZXmtIjR0RvYxI+MSA/T5deSIMU6O:ulKbgm2WIjRsYK+gbNIIO
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2