31a8c9d6f61346b95e41ee64547aa6160932a0f740f4a712c26b6b7f1015a588 | Triage

Sharing

General

Target

DHL Polska_Powiadomienie oprzesyłce 28036893335.vbs
Size

23KB
Sample

240703-g8x8bsvflr
MD5

3b5b96bb9765b0c37f926296a205a2d6
SHA1

30ba62c4b319c4950bf70b83634bc8108c50c6da
SHA256

31a8c9d6f61346b95e41ee64547aa6160932a0f740f4a712c26b6b7f1015a588
SHA512

06e329ddad34da47c9b7db6da0ad18c1de2f9fff9601f489afc0fc5e92a133e65281084eeac14f026ca468ceff1ff1d70b01a0042eeb81680d50edbfa51fcafb
SSDEEP

384:tEqYZcPlL8XOzXAK6W9H/tspWpf4fETh9QI32xeyBhvRs4bXKXD:tEqD9UOzddufwQIQf7Kz

Score

8^/10

Malware Config

Targets

- Target
  
  DHL Polska_Powiadomienie oprzesyłce 28036893335.vbs
- Size
  
  23KB
- MD5
  
  3b5b96bb9765b0c37f926296a205a2d6
- SHA1
  
  30ba62c4b319c4950bf70b83634bc8108c50c6da
- SHA256
  
  31a8c9d6f61346b95e41ee64547aa6160932a0f740f4a712c26b6b7f1015a588
- SHA512
  
  06e329ddad34da47c9b7db6da0ad18c1de2f9fff9601f489afc0fc5e92a133e65281084eeac14f026ca468ceff1ff1d70b01a0042eeb81680d50edbfa51fcafb
- SSDEEP
  
  384:tEqYZcPlL8XOzXAK6W9H/tspWpf4fETh9QI32xeyBhvRs4bXKXD:tEqD9UOzddufwQIQf7Kz
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2