Resubmissions

15/05/2024, 15:44

240515-s6kp1age33 10

15/05/2024, 15:18

240515-sptlksfc5y 8

General

  • Target: DHL-FORM.tar.lz
  • Size: 12KB
  • Sample: 240515-sptlksfc5y
  • MD5: 73d4afda5b8c5bdd259edefdf61277a4
  • SHA1: c56d60ca762f61e324d2c964b0a61cd085d5e48d
  • SHA256: 023555e9692dd9e013bc71a71703e6420057e0e5f671aa53b342dcc569827532
  • SHA512: 4ddadbff909785efb82f63002ca92770fc18baaa31283e7faa4d957e4780939cee06e5f31f5a5ebbe8fe2bb223d74c2fb1f015f2ee68ed1092ae7a9f7d229f26
  • SSDEEP: 384:0S1QuJ3WOWiDF3tgZPNeoyXwOBY52nZcoH:r1QqBWiD5tAkjq2nZv

Score: 8/10

Malware Config

Targets

    • Target: DHL-FORM.vbs
    • Size: 23KB
    • MD5: 0bd7c8ef21f710b46940bd86875d5b56
    • SHA1: d286ef8490fbe81008c236fae2c71d998630dd61
    • SHA256: 2a2d8119c080478a79803f6475982389e8932af33ee5999c50d4aa3f65c8f91f
    • SHA512: 9b7e297e13f71255cdb4fb401074b7b934f9abb5db465a05905172e0c5f87b9a93f6cc23083022a53705327291f488d3b8b9d7f3e3f111323672eb5f77de9c63
    • SSDEEP: 384:9jYyYZkAniuZSuqDk5OJLa3fFG84Q4ryLGfa+zMrgVHrQVw:NYrZnnB+belZLcbrgw

    Score: 8/10

    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks