99fcaa8b75247984e2e2a1cee9250ab8d09dba9a93488a5e4e6021e69eb72463 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99fcaa8b75247984e2e2a1cee9250ab8d09dba9a93488a5e4e6021e69eb72463.vbs
Size

33KB
Sample

240503-cav8vsec68
MD5

f7439b9e463846522c773de75019ff44
SHA1

180ec2b7ee0566be31aadf210a5cd48dc77fe333
SHA256

99fcaa8b75247984e2e2a1cee9250ab8d09dba9a93488a5e4e6021e69eb72463
SHA512

6dc5d5e4aa5d954c24d50902b54129ddeec2c8ba7acf2be4f677f842bab73f324284829b44c26b8e10ffeeb2adca52df0d7ee519af7fb25c2b22ed2d99145857
SSDEEP

384:mE/p5dFHavaymXzG/MuPoH6SKh8148TsQt4wHf5pmdy9:f/pRvy/MuRSSC48AjwHf5pp

Score

8^/10

Malware Config

Targets

- Target
  
  99fcaa8b75247984e2e2a1cee9250ab8d09dba9a93488a5e4e6021e69eb72463.vbs
- Size
  
  33KB
- MD5
  
  f7439b9e463846522c773de75019ff44
- SHA1
  
  180ec2b7ee0566be31aadf210a5cd48dc77fe333
- SHA256
  
  99fcaa8b75247984e2e2a1cee9250ab8d09dba9a93488a5e4e6021e69eb72463
- SHA512
  
  6dc5d5e4aa5d954c24d50902b54129ddeec2c8ba7acf2be4f677f842bab73f324284829b44c26b8e10ffeeb2adca52df0d7ee519af7fb25c2b22ed2d99145857
- SSDEEP
  
  384:mE/p5dFHavaymXzG/MuPoH6SKh8148TsQt4wHf5pmdy9:f/pRvy/MuRSSC48AjwHf5pp
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2