462739185259ac15157123f42441070d987e3cea3c266b016ee4f4f9235227a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02052024_0241_01052024_Payment-Advice00899383-PDF.vbs
Size

35KB
Sample

240502-c6gekseg3t
MD5

4ed04700dfbbe8caee8412da0a126b21
SHA1

8900f45a221de877c1426cb5b47cba6673ba02d8
SHA256

462739185259ac15157123f42441070d987e3cea3c266b016ee4f4f9235227a2
SHA512

a6a59edeff1ad55d61255b4a847688f584539e6220629bd773251294f31c5c75870bab81cff74b73f9406526176f63db59a5e0d8d0f4a656d1f175c9714d2856
SSDEEP

384:1E/p5dFHav1yv+wsDtps5WDxrFxIjsiMDPV08chzNjTA:+/pR8wsDvsUtF0sBPKzhTA

Score

8^/10

Malware Config

Targets

- Target
  
  02052024_0241_01052024_Payment-Advice00899383-PDF.vbs
- Size
  
  35KB
- MD5
  
  4ed04700dfbbe8caee8412da0a126b21
- SHA1
  
  8900f45a221de877c1426cb5b47cba6673ba02d8
- SHA256
  
  462739185259ac15157123f42441070d987e3cea3c266b016ee4f4f9235227a2
- SHA512
  
  a6a59edeff1ad55d61255b4a847688f584539e6220629bd773251294f31c5c75870bab81cff74b73f9406526176f63db59a5e0d8d0f4a656d1f175c9714d2856
- SSDEEP
  
  384:1E/p5dFHav1yv+wsDtps5WDxrFxIjsiMDPV08chzNjTA:+/pR8wsDvsUtF0sBPKzhTA
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2