3b052fd84879b13d0842f7924d8459a5d7af1b6912bc62356aaf1c052b36e0b4 | Triage

Sharing

General

Target

DHL Shipping Invoices & Awb.7z.zip
Size

95KB
Sample

240625-kc1kcsyfjh
MD5

ed19255c10169a606fc8c04df523c1a3
SHA1

a64a5f7c55d81a205a6f33d0f43f2c62b4fa2024
SHA256

3b052fd84879b13d0842f7924d8459a5d7af1b6912bc62356aaf1c052b36e0b4
SHA512

f4a0185c478b6853e7838df8372c2a3ad16f334d1830c945c61c7686a1e40dd5479299e26f65ef0837071e0677ee6481ca7a95c05f9456155be268f9b910a44d
SSDEEP

1536:Ygq7bEW1G6/TDkJSnOziyRUZU5UxgjGzDDDw3Qli9P77I6R8fqTtk6j:y/EW1PrgJSnry2yigj4D3wglQZWfgk6j

Score

8^/10

Malware Config

Targets

- Target
  
  DHL Shipping Invoices & Awb.vbs
- Size
  
  186KB
- MD5
  
  0f6332cf27b69c905d1416977371373e
- SHA1
  
  367a54c2fc952b363026b4ea1b896711838fb597
- SHA256
  
  cb6b6df06cb8d4fdb05eda7ff2e480875efb3b91c54c58f848b1059bda8917bb
- SHA512
  
  a6ae798fad20774a991f6c153aac9124ef18f7a0d8507d18238153e068fbf825ad2ef0950d49c7100d55a504f8a9a76c48117817db080cbee29d15671a69cb0c
- SSDEEP
  
  3072:QmN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZe:Q08GxbKja3+DCbKCvBB/WnHXC/sLJFJP
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2