General

  • Target

    a368bd23bfec72919b351f2680195980_JaffaCakes118

  • Size

    138KB

  • Sample

    240613-b4yemstbrr

  • MD5

    a368bd23bfec72919b351f2680195980

  • SHA1

    390c7b5e77485f5e3a4ae19699eea037955caf0f

  • SHA256

    6260bea1410938b18aad4f78a38dac1cd9530738e7b232f195ad567e1236cdcf

  • SHA512

    73b6dc01970e6df9a6bd5fede5a5b0c6dc261396927133165c4b3b4f4bf5dcc2db4fb79450f50c4ff456d6863e2bd7506baae32c4e11bf93ef79f0af4209819d

  • SSDEEP

    3072:2brTWA+G5WXz94KLeCIUud8E7qjdmhvpSMx8zuLgQsZ:2bt+G5WB4KLPIfd17sdmhvpSMjLU

Targets

    • Target

      CanadaPost.vbs

    • Size

      992KB

    • MD5

      96c5986b404a8c6e6de74d0cfb8378e3

    • SHA1

      4d1da67b3435078a52b93fb152cd0fdeb961e9df

    • SHA256

      09d140195418ed9897b3e54c59eb4f3a4b400d3334c59d5e531ae33e41cfd417

    • SHA512

      c6177c267998a221a5b2216f88adc99e6f58bd14aef5aaadd2b3ad05a302112750fda3cd9031e523f31fbd1d7af5a09c3582787e43a2b2c2e00de39bb5e24ca3

    • SSDEEP

      6144:bCJ1K7dEWn1Tm3dKRZObCHTiR5hejeGyWuMEV9ZOLEJ77DXWtE8dPbnsch48T88m:/MsFAAa4esRzuhX

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
