General

  • Target: 2ad1c6a615270f430e34d4fcfa6c3245.bin
  • Size: 402KB
  • Sample: 240530-b8cnqsbb73
  • MD5: 752ee6ab9508abf81232e4739da127df
  • SHA1: 08cfa1cabfb73370793ee7fc19b84c433bf87492
  • SHA256: bb72dcce66a3a30a5223cf1c436d4ae9b1ef0e937f38300925e279a86cc89bf2
  • SHA512: 97c0b38eed40c7f882de1897d6a9d8c87208dc07a872594280c7037ef73cf134bc41df4ba8abb4698342cc5ebdddf5be3900017563a921299e9131106a805248
  • SSDEEP: 12288:m0Lmyg2CcxiNx7DcKc+P6fuZ141drVfzh:m5yg2C/NxV1CfuZ1mrVfN

Score
8/10

Malware Config

Targets

    • Target: 6af8cef5811fe0f2d7d36c23a0180b6aa1ab7f66ca39c6a2b513f85a9bb5817d.vbs
    • Size: 1.1MB
    • MD5: 2ad1c6a615270f430e34d4fcfa6c3245
    • SHA1: 117146e34def5b8c5bbae1b9eec51a6944417c7f
    • SHA256: 6af8cef5811fe0f2d7d36c23a0180b6aa1ab7f66ca39c6a2b513f85a9bb5817d
    • SHA512: 5692c9b37f1969b01a0c7f4042924238e94a5d5ab0e0c1ef01f20ecd81fd8b34b4de4587342950097a71c30881a90b4b3907dc7505dc78e3f1fc148f6847a128
    • SSDEEP: 12288:/31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRj8:/Yz64+2Sj8

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Legitimate hosting services abused for malware hosting/C2
