5399da749fe07467570bd0d81e3733b140df33dd75670a57362a6f4aa0dcafca | Triage

Sharing

General

Target

dl.vbs
Size

587B
Sample

240716-l8j3xsxdpp
MD5

a9552114991c6ae378830ed3955d4414
SHA1

8655717e2a3ced90d352a7faf2586a73cefea7d8
SHA256

5399da749fe07467570bd0d81e3733b140df33dd75670a57362a6f4aa0dcafca
SHA512

a50b12dc7c531ec699a437fd8ab669aa70a477da49dd89ff16ef75ef68260963c82647a57c9b0a465ba106f9fa8302d534185ecf7b303f6f50493edc20736e6f

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://94.131.117.72/ldvb/pw

Targets

- Target
  
  dl.vbs
- Size
  
  587B
- MD5
  
  a9552114991c6ae378830ed3955d4414
- SHA1
  
  8655717e2a3ced90d352a7faf2586a73cefea7d8
- SHA256
  
  5399da749fe07467570bd0d81e3733b140df33dd75670a57362a6f4aa0dcafca
- SHA512
  
  a50b12dc7c531ec699a437fd8ab669aa70a477da49dd89ff16ef75ef68260963c82647a57c9b0a465ba106f9fa8302d534185ecf7b303f6f50493edc20736e6f
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2