28d92e515ba0386d174bf63ced7198c1368f200a8134dd2da4b482aa6c6579a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28d92e515ba0386d174bf63ced7198c1368f200a8134dd2da4b482aa6c6579a1
Size

12KB
Sample

240526-ys1f7aac2z
MD5

35a278cac89eef517553c7a4e80dfbae
SHA1

edf47ff63a3e95d71584dc1c06103c9d7d23d70a
SHA256

28d92e515ba0386d174bf63ced7198c1368f200a8134dd2da4b482aa6c6579a1
SHA512

19b80dbf10153f9dd9685c27811bad7b83a1ff09a295f9cf4f8ccf7d4fd8c151e500f89d5be305e22dd48b99fb96636851334482c9b36e187cc0f1ed2c2897d4
SSDEEP

384:8L7li/2znq2DcEQvdhcJKLTp/NK9xaX4:aDM/Q9cX4

Score

7^/10

Malware Config

Targets

- Target
  
  28d92e515ba0386d174bf63ced7198c1368f200a8134dd2da4b482aa6c6579a1
- Size
  
  12KB
- MD5
  
  35a278cac89eef517553c7a4e80dfbae
- SHA1
  
  edf47ff63a3e95d71584dc1c06103c9d7d23d70a
- SHA256
  
  28d92e515ba0386d174bf63ced7198c1368f200a8134dd2da4b482aa6c6579a1
- SHA512
  
  19b80dbf10153f9dd9685c27811bad7b83a1ff09a295f9cf4f8ccf7d4fd8c151e500f89d5be305e22dd48b99fb96636851334482c9b36e187cc0f1ed2c2897d4
- SSDEEP
  
  384:8L7li/2znq2DcEQvdhcJKLTp/NK9xaX4:aDM/Q9cX4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2