dd6342fe6aad393a8095cb0e7bda7835ad3712dd08659a73d33b94c4e6c89ac5 | Triage

Sharing

General

Target

dd6342fe6aad393a8095cb0e7bda7835ad3712dd08659a73d33b94c4e6c89ac5.vbs
Size

15KB
Sample

240523-cj94daab53
MD5

e9f75429771eea5902e035d06ace97a5
SHA1

4b0aa7016f426a2908ba3688e5b43a34c549e1f7
SHA256

dd6342fe6aad393a8095cb0e7bda7835ad3712dd08659a73d33b94c4e6c89ac5
SHA512

87007d2d712689b38bae910bd2463eef273d97d91f3a0efdd7e3885c03423ad327077369ebca1db533b94eaf2897f1421784f424899e7f7cbdfce69972b29b59
SSDEEP

384:kps7AWHH16GDlyqx2rmaTb9b+AuXJW4Bi+QyX84+wBLjlcDfu8LU0lfdFd1ksHDH:kps7AWHH16GDlyqx2rmaTb9b+AuXJW4k

Score

8^/10

Malware Config

Targets

- Target
  
  dd6342fe6aad393a8095cb0e7bda7835ad3712dd08659a73d33b94c4e6c89ac5.vbs
- Size
  
  15KB
- MD5
  
  e9f75429771eea5902e035d06ace97a5
- SHA1
  
  4b0aa7016f426a2908ba3688e5b43a34c549e1f7
- SHA256
  
  dd6342fe6aad393a8095cb0e7bda7835ad3712dd08659a73d33b94c4e6c89ac5
- SHA512
  
  87007d2d712689b38bae910bd2463eef273d97d91f3a0efdd7e3885c03423ad327077369ebca1db533b94eaf2897f1421784f424899e7f7cbdfce69972b29b59
- SSDEEP
  
  384:kps7AWHH16GDlyqx2rmaTb9b+AuXJW4Bi+QyX84+wBLjlcDfu8LU0lfdFd1ksHDH:kps7AWHH16GDlyqx2rmaTb9b+AuXJW4k
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2