b1f6ace20017902dbd10246ef780c162d7efa2c6eaa26934b45a784223c72293 | Triage

Sharing

General

Target

b1f6ace20017902dbd10246ef780c162d7efa2c6eaa26934b45a784223c72293.vbs
Size

5KB
Sample

240522-ckna1ahb6w
MD5

ebdb23546bd0e7f4aee2a75909460482
SHA1

5e11c38b784b7337fc2cc6ab7100c0240476c7a2
SHA256

b1f6ace20017902dbd10246ef780c162d7efa2c6eaa26934b45a784223c72293
SHA512

b16b6573af01d2bd2314c5de1d6dd6e4cbe8080ae0b72fe9180c95f27034e69cef1b1e078162ce7783195f37050d72c9e27940b73203586cc3e1908841faf234
SSDEEP

96:QN7IU07Fzr15ZV3J0j9b0xF6Q/0Gb1plVB4CXcZQfp:QFO7hB/pJ0xb2Fn/hpLCCXcKfp

Score

8^/10

Malware Config

Targets

- Target
  
  b1f6ace20017902dbd10246ef780c162d7efa2c6eaa26934b45a784223c72293.vbs
- Size
  
  5KB
- MD5
  
  ebdb23546bd0e7f4aee2a75909460482
- SHA1
  
  5e11c38b784b7337fc2cc6ab7100c0240476c7a2
- SHA256
  
  b1f6ace20017902dbd10246ef780c162d7efa2c6eaa26934b45a784223c72293
- SHA512
  
  b16b6573af01d2bd2314c5de1d6dd6e4cbe8080ae0b72fe9180c95f27034e69cef1b1e078162ce7783195f37050d72c9e27940b73203586cc3e1908841faf234
- SSDEEP
  
  96:QN7IU07Fzr15ZV3J0j9b0xF6Q/0Gb1plVB4CXcZQfp:QFO7hB/pJ0xb2Fn/hpLCCXcKfp
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2