eb0e02fdfc3ee053461a9f3a3538f7d67016e270c5bcc786feae1428f3712f2c | Triage

Sharing

General

Target

09072024_1336_08072024_att1-2406261629573.Gz
Size

8KB
Sample

240709-qv9hwawfqq
MD5

d868ef596fd86d6b6b9229c8aba22e23
SHA1

a936cd89044e6df262934e68b4697c2b3f78614e
SHA256

eb0e02fdfc3ee053461a9f3a3538f7d67016e270c5bcc786feae1428f3712f2c
SHA512

a8f7ca11731222548626fe86e883a39ee1651133c5bf4d2b89222591eae53a3736a09d8fc2f3c4e5d759f602bc6ec714dece895e7b1c5e9242eda4190c2e1660
SSDEEP

192:BPZhD4kcjkoEag4RL4LcI4zqKadGUruGsDS83OvzWPBR9L8F:BPZSjfDg0yKmTd5ruG17OL8F

Score

8^/10

Malware Config

Targets

- Target
  
  att1-2406261629573.vbs
- Size
  
  22KB
- MD5
  
  fba9d2bc853a3bba90bededc2c5daf78
- SHA1
  
  2fd3a5b4798778dcd88151fd7af3bc9a51df134d
- SHA256
  
  d2c6cbde8e53d5ff001da2f40dfa7e86278abbc6dcd1636d3a5d4276eeb6d36b
- SHA512
  
  fc8195408d0ec5e3c72b820f09dbed4fe4ab879e4e744579046ff257b11fd5441413b2b36a62877fd6b0c63d79b8c116f232b244555230cd5c26a673723966a0
- SSDEEP
  
  384:JEqYZkW4dGpmUD0Rx5ax43pmqaTz0+5lwoodQ:JEq99opmJzIK3pmqIw+5lnCQ
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2