ebab8d1c2d8ea94b1c9a4025ef1fca0f23e957ac68575f085731c7459d9bd16f | Triage

Resubmissions

12/07/2024, 07:45

240712-jldlhswhmg 8

Sharing

General

Target

I-MY-5323785035-D03395124_20240711081006.vbs
Size

34KB
Sample

240712-jldlhswhmg
MD5

957d64e4f6f9fd73176ea4a218026624
SHA1

2a53d35c9eec815702514fe59b80ad762dc52a9d
SHA256

ebab8d1c2d8ea94b1c9a4025ef1fca0f23e957ac68575f085731c7459d9bd16f
SHA512

0a9e42d2c1f64c236ebfaac715ffb9abf9334efb1405c016d6fc04d5c164165b01b4d886c48ae0a9d74e1b214676bff9c618bfbdece5212d4035e03a6c406350
SSDEEP

768:bhzMKHJtZV0FakVhrbDA617P0yPyPUtHw6bOjy310Y0T9ZOfXq:b+KYhrzYyPgEgZj

Score

8^/10

Malware Config

Targets

- Target
  
  I-MY-5323785035-D03395124_20240711081006.vbs
- Size
  
  34KB
- MD5
  
  957d64e4f6f9fd73176ea4a218026624
- SHA1
  
  2a53d35c9eec815702514fe59b80ad762dc52a9d
- SHA256
  
  ebab8d1c2d8ea94b1c9a4025ef1fca0f23e957ac68575f085731c7459d9bd16f
- SHA512
  
  0a9e42d2c1f64c236ebfaac715ffb9abf9334efb1405c016d6fc04d5c164165b01b4d886c48ae0a9d74e1b214676bff9c618bfbdece5212d4035e03a6c406350
- SSDEEP
  
  768:bhzMKHJtZV0FakVhrbDA617P0yPyPUtHw6bOjy310Y0T9ZOfXq:b+KYhrzYyPgEgZj
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2