General

  • Target

    b0880a1b5d48b2c00faf73348e033026.bin

  • Size

    2KB

  • Sample

    240604-dy81ascc22

  • MD5

    408681eee92c65b9e30d21c73967ce18

  • SHA1

    3a6ddfa8dde7385e5eb6d27b272786daee9aa08a

  • SHA256

    5d4093e81963e6499eb17c01029f9c8d543c7b842a5405441351453acbd715e8

  • SHA512

    552f20598dc418b30d64909c3684f293aa5ad80b474b6bc6f3b2213fa37efae8c2ee686686b81a993c503c9518773de7a9664db8c20178ebf30e7d0f03a8a6c1

Score
8/10

Targets

    • Target

      4f1f6b38616ce2f8c0b63b47aec5a614ec62d6ba66e8d31d61d26e3416f8e38d.vbs

    • Size

      6KB

    • MD5

      b0880a1b5d48b2c00faf73348e033026

    • SHA1

      9e1433caf796fcd191fb3a1214e36aae7985318e

    • SHA256

      4f1f6b38616ce2f8c0b63b47aec5a614ec62d6ba66e8d31d61d26e3416f8e38d

    • SHA512

      ea2fa6026b30158dfd58a61b236d3473e9c601807117593d81e21c6f6e9d2026217c2c093b3647a5d93625d60e9d8bd98c7038080283945217b58c3b1024c5ed

    • SSDEEP

      96:Ww/IRkcyXoAxpqzpZNPAOPEL3iM4N2FMUCndSZKVmwGC4xXxpZFd0V:XukPHxpq9ZN4OMDi5HnQA8XxJd0V

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
