0923a2d6d1c333ebd0f4320b2fe23015ecf70f3ebeb5a89d883b8259869d4743 | Triage

Sharing

General

Target

0923a2d6d1c333ebd0f4320b2fe23015ecf70f3ebeb5a89d883b8259869d4743.vbs
Size

8KB
Sample

240425-t4c3tacf3t
MD5

fdf5dceb2d284e54cf0a421a463b621d
SHA1

e5f7ec649576934ac61090f1380d23b9d2ac5d09
SHA256

0923a2d6d1c333ebd0f4320b2fe23015ecf70f3ebeb5a89d883b8259869d4743
SHA512

a7af097d89597788c1f5f368dc5df4430efdb1315034b4790610d681284af2cb73d5d7627fcf8c6048558c2149ce553b2f9ac1d4ddc4aa84207644240ca51281
SSDEEP

192:3xbypOqPkZz+5xE1Naq+wtwFBsaqOaJA8Z/cDWzNZWiEtM0J:hblIiblwHsa3a/FcriEtv

Score

8^/10

Malware Config

Targets

- Target
  
  0923a2d6d1c333ebd0f4320b2fe23015ecf70f3ebeb5a89d883b8259869d4743.vbs
- Size
  
  8KB
- MD5
  
  fdf5dceb2d284e54cf0a421a463b621d
- SHA1
  
  e5f7ec649576934ac61090f1380d23b9d2ac5d09
- SHA256
  
  0923a2d6d1c333ebd0f4320b2fe23015ecf70f3ebeb5a89d883b8259869d4743
- SHA512
  
  a7af097d89597788c1f5f368dc5df4430efdb1315034b4790610d681284af2cb73d5d7627fcf8c6048558c2149ce553b2f9ac1d4ddc4aa84207644240ca51281
- SSDEEP
  
  192:3xbypOqPkZz+5xE1Naq+wtwFBsaqOaJA8Z/cDWzNZWiEtM0J:hblIiblwHsa3a/FcriEtv
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2