4de81af0f088cad4f0beb95699a49a7bb8dcb7335e48e9ab6a15567ef3e5c9b1 | Triage

Sharing

General

Target

DHL0000879654982647865428.vbs
Size

36KB
Sample

240430-gfsr5sed2z
MD5

c396c7ce351553e41db0fd9a6555a38e
SHA1

4fd3ae9de04e3c77a6a17096115a2d13c0136f6c
SHA256

4de81af0f088cad4f0beb95699a49a7bb8dcb7335e48e9ab6a15567ef3e5c9b1
SHA512

5705881792db6c59ae80bb6cb118ff3592413cd344da0baad70c837e62cd4e3f331045c63cb6503d20e23b6654a2408acd74b250526041e314dafe24a77565a2
SSDEEP

768:G/pRmEb0vlFNT1WFQk5gW5W9IVOwvRK6pmUM:IpRmEbmlb1rqgUhQwvRlPM

Score

8^/10

Malware Config

Targets

- Target
  
  DHL0000879654982647865428.vbs
- Size
  
  36KB
- MD5
  
  c396c7ce351553e41db0fd9a6555a38e
- SHA1
  
  4fd3ae9de04e3c77a6a17096115a2d13c0136f6c
- SHA256
  
  4de81af0f088cad4f0beb95699a49a7bb8dcb7335e48e9ab6a15567ef3e5c9b1
- SHA512
  
  5705881792db6c59ae80bb6cb118ff3592413cd344da0baad70c837e62cd4e3f331045c63cb6503d20e23b6654a2408acd74b250526041e314dafe24a77565a2
- SSDEEP
  
  768:G/pRmEb0vlFNT1WFQk5gW5W9IVOwvRK6pmUM:IpRmEbmlb1rqgUhQwvRlPM
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2