General

  • Target

    f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924.vbs

  • Size

    7.2MB

  • Sample

    240613-cj7m9a1apd

  • MD5

    00d8988b8332c979cd4be1a1b81adc94

  • SHA1

    f50db2050c871f3cfe544dd95460a316e66c5465

  • SHA256

    f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924

  • SHA512

    c27713a3cabc4749e36aa1889bcf875e12190890d9f62cefcaa113dd4e5ccb502148c26046205e094d320d0a1b3f00bd2dbc602742b2cd582cdb467439e7e229

  • SSDEEP

    24576:itXptXZVkm5hwGV1VxOtXXtXjtXWtXktXvtXytXdtXEtXdtXStXhtX5tXStXhtXs:cf0NBoWlc72783P8XFTULrWgga

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://rentry.co/5xo7akcm/raw

Targets

    • Target

      f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924.vbs

    Score
    10/10

    • Detects executables packed with ConfuserEx Mod

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks