General

  • Target

    SSA_DOC#1715073418634.vbs

  • Size

    733B

  • Sample

    240509-pcslzabf44

  • MD5

    68c8c79d84f5e3f10dd9328272b0ac55

  • SHA1

    5ab9a13ec0d01fc1ed71c27a1a23a61019cb8946

  • SHA256

    29841f038da6a26dac5df28f23b4adcb080f5b0a2312bf996c8073940849eef6

  • SHA512

    d86bd0ac3bd58ee9a1b06e1edba3c03788136292d81bd9cf025525c3a0e40bba9a7b6d5859833a9d470d29ab31b35d5515855a78691bfe54477631d9a0733f6a

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://193.222.96.193:81/besho/besho.mp4

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
