383045b66fe2c7bc0329fe7c671ab1b7d6c2a5334530f4972e0a364a2382c9f3 | Triage

Sharing

General

Target

383045b66fe2c7bc0329fe7c671ab1b7d6c2a5334530f4972e0a364a2382c9f3.vbe
Size

5KB
Sample

240523-bp7d1agc6t
MD5

ee79e648e91b1ce814880ccde05bc2f5
SHA1

7b42afec990d74d33d650d4d82b85057f30fad0c
SHA256

383045b66fe2c7bc0329fe7c671ab1b7d6c2a5334530f4972e0a364a2382c9f3
SHA512

769dae3c283203508d24e1edf4b4619498db1af9f2ca90dedbbf538ec15d5ff9d25a912a1c12221dc6cef3af1d41051bd15fea827f310aaacc2554d220ae3ad8
SSDEEP

96:Q1k8HdF1YeCbuTUtYX3Mu0sTwsZ0pstwIjzSv+vvddxDpE5IHf0d21XmwDCToWHO:QHHj0tQ3z0sZwstwIjzyYvddxDa5IHfL

Score

8^/10

Malware Config

Targets

- Target
  
  383045b66fe2c7bc0329fe7c671ab1b7d6c2a5334530f4972e0a364a2382c9f3.vbe
- Size
  
  5KB
- MD5
  
  ee79e648e91b1ce814880ccde05bc2f5
- SHA1
  
  7b42afec990d74d33d650d4d82b85057f30fad0c
- SHA256
  
  383045b66fe2c7bc0329fe7c671ab1b7d6c2a5334530f4972e0a364a2382c9f3
- SHA512
  
  769dae3c283203508d24e1edf4b4619498db1af9f2ca90dedbbf538ec15d5ff9d25a912a1c12221dc6cef3af1d41051bd15fea827f310aaacc2554d220ae3ad8
- SSDEEP
  
  96:Q1k8HdF1YeCbuTUtYX3Mu0sTwsZ0pstwIjzSv+vvddxDpE5IHf0d21XmwDCToWHO:QHHj0tQ3z0sZwstwIjzyYvddxDa5IHfL
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2