69582c207fa152d6f8ece5feca82e5b1b419bf4abf6da4ded6e90f5f4ceb9c63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

69582c207fa152d6f8ece5feca82e5b1b419bf4abf6da4ded6e90f5f4ceb9c63.vbs
Size

1.7MB
Sample

240606-qtmygsff92
MD5

bf9225a86a25c0c090f2fb1c1f246051
SHA1

32efe8605161a4a150e3d7d15a5e7d9b391f7ead
SHA256

69582c207fa152d6f8ece5feca82e5b1b419bf4abf6da4ded6e90f5f4ceb9c63
SHA512

eff4d0462e673228c804949378cb23795cae5af29e1b5c2466cf543582ce3ebe93b76d324088e4266201a27830cf8e312971b5f6864db5795aeaa489fe058f00
SSDEEP

768:uRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRPm:4WX

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://91.202.233.169/Tak/Reg/Marz/ZQWER/DllXF3.txt

Targets

- Target
  
  69582c207fa152d6f8ece5feca82e5b1b419bf4abf6da4ded6e90f5f4ceb9c63.vbs
- Size
  
  1.7MB
- MD5
  
  bf9225a86a25c0c090f2fb1c1f246051
- SHA1
  
  32efe8605161a4a150e3d7d15a5e7d9b391f7ead
- SHA256
  
  69582c207fa152d6f8ece5feca82e5b1b419bf4abf6da4ded6e90f5f4ceb9c63
- SHA512
  
  eff4d0462e673228c804949378cb23795cae5af29e1b5c2466cf543582ce3ebe93b76d324088e4266201a27830cf8e312971b5f6864db5795aeaa489fe058f00
- SSDEEP
  
  768:uRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRPm:4WX
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2