cee8a2a5680717eeae5f7703ccaff27a4fcbe22b4db78c9671308d1bedefd761 | Triage

Sharing

General

Target

cee8a2a5680717eeae5f7703ccaff27a4fcbe22b4db78c9671308d1bedefd761.vbs
Size

703KB
Sample

240710-xbcs5awdld
MD5

f1b75f0121271d4e6f174d28e3821244
SHA1

4d3ece676f79050cfa65c539edf6c34b29d82038
SHA256

cee8a2a5680717eeae5f7703ccaff27a4fcbe22b4db78c9671308d1bedefd761
SHA512

3ae88843320ef8cc73b311c84fc0158a439e83bf08c612a6757cc2c1ae9ffd9d091400a3ac354abeff3f6274222ef995bf5d4a57f74d084790313105a24d6437
SSDEEP

1536:oeeeeeeeeeeeeeeeeeeeeeee5WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWC:i

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=

Targets

- Target
  
  cee8a2a5680717eeae5f7703ccaff27a4fcbe22b4db78c9671308d1bedefd761.vbs
- Size
  
  703KB
- MD5
  
  f1b75f0121271d4e6f174d28e3821244
- SHA1
  
  4d3ece676f79050cfa65c539edf6c34b29d82038
- SHA256
  
  cee8a2a5680717eeae5f7703ccaff27a4fcbe22b4db78c9671308d1bedefd761
- SHA512
  
  3ae88843320ef8cc73b311c84fc0158a439e83bf08c612a6757cc2c1ae9ffd9d091400a3ac354abeff3f6274222ef995bf5d4a57f74d084790313105a24d6437
- SSDEEP
  
  1536:oeeeeeeeeeeeeeeeeeeeeeee5WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWC:i
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2