841bfb8481e179f4d401d0b58b8230eb7c474914e3ca2e4e550e0dc9ef231113 | Triage

Sharing

General

Target

841bfb8481e179f4d401d0b58b8230eb7c474914e3ca2e4e550e0dc9ef231113.vbs
Size

4KB
Sample

240522-cb79tagf56
MD5

de9bd11a9b255ed79c168051414c5ec2
SHA1

863a99be31ef99e905bd44e472fd342b7104777b
SHA256

841bfb8481e179f4d401d0b58b8230eb7c474914e3ca2e4e550e0dc9ef231113
SHA512

361f095e88a387dd164350c35f80d4bc5ac1b440dc4cddff4c4e6529d863791a23997a5f97a0c803594c933dbc0fd537435b9b507815ca836396d0ec828a63bb
SSDEEP

96:QhlUfeZsBmpDAcPV1kW//GOsxoJ8YFlRhpeilDg33FPU0C+WEKfp:Q3r8cPnx/Go5kilQfCXEKfp

Score

8^/10

Malware Config

Targets

- Target
  
  841bfb8481e179f4d401d0b58b8230eb7c474914e3ca2e4e550e0dc9ef231113.vbs
- Size
  
  4KB
- MD5
  
  de9bd11a9b255ed79c168051414c5ec2
- SHA1
  
  863a99be31ef99e905bd44e472fd342b7104777b
- SHA256
  
  841bfb8481e179f4d401d0b58b8230eb7c474914e3ca2e4e550e0dc9ef231113
- SHA512
  
  361f095e88a387dd164350c35f80d4bc5ac1b440dc4cddff4c4e6529d863791a23997a5f97a0c803594c933dbc0fd537435b9b507815ca836396d0ec828a63bb
- SSDEEP
  
  96:QhlUfeZsBmpDAcPV1kW//GOsxoJ8YFlRhpeilDg33FPU0C+WEKfp:Q3r8cPnx/Go5kilQfCXEKfp
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2