4c95c7ad53e644cfda3a20e7c88812c38a2bcedc001cd6b94d95014c9a4b23b2 | Triage

Sharing

General

Target

20220830_ProtecoPTE..rar
Size

12KB
Sample

240502-hr7acabg9v
MD5

4e2888d7765350c296727e0d9882e527
SHA1

7d7c52b3ca0b367829989c1f491a62ea63a7278f
SHA256

4c95c7ad53e644cfda3a20e7c88812c38a2bcedc001cd6b94d95014c9a4b23b2
SHA512

f53ba53218cb5f1318e7d8e9a7cff369018a7d3a69dfca06a0972f8a1d8fd582754b262b1527a3a2c2af35263a9482a90fa80197d1fb5f1c33078155fa3d529c
SSDEEP

384:JxuunQqnnK6jZAp6yAiQMZ6zM73KDBrw46:fuctnnK6a6MBIQ3I36

Score

8^/10

Malware Config

Targets

- Target
  
  20220830_ProtecoPTE..vbs
- Size
  
  34KB
- MD5
  
  928637e9b64c9425fde7ca14e03aa101
- SHA1
  
  337201a455c055b2d79360bfb67ba81dbe64c4b0
- SHA256
  
  fbbb12ff0da331f5eba7d3745ba7d2e0184e175176b316c373c461b047f7ba8e
- SHA512
  
  5e34714a6b051073222ef2aa8bba45b50ab020bb875ee23057ae91508043badca490542b331c2ca5699f53db283a9399228da4e430fd06b42d3ec20c2fcd4b35
- SSDEEP
  
  768:iE/pRPD/VQHfE5kAZ6/PEAJPPvv/P4WNHeCSwFbwv21ov3dT8IcXRQ/Ua9Sr1TjT:iupRPD/yHfakAZ6/PEAJPPX/P4WVeCSm
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2