03bb5d9425464244cb7574cba9929b3dc0e789916b46f2bf5a8e7b533034475f | Triage

Sharing

General

Target

trigger.vbs
Size

3KB
Sample

240719-v7jv7swbrb
MD5

200f9345cf839af7b98457b9e408446f
SHA1

57752503ef0c8afe36376f5b2132582682577b2c
SHA256

03bb5d9425464244cb7574cba9929b3dc0e789916b46f2bf5a8e7b533034475f
SHA512

da53cdc6380854f54abea0a9917220dbf20dca448365eaa17a344eba2b1976aeac0f57acbd6244f5c001b3fb1e6e5d94e4fa6ab0ce4a844856e4d1189d98fffd

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  trigger.vbs
- Size
  
  3KB
- MD5
  
  200f9345cf839af7b98457b9e408446f
- SHA1
  
  57752503ef0c8afe36376f5b2132582682577b2c
- SHA256
  
  03bb5d9425464244cb7574cba9929b3dc0e789916b46f2bf5a8e7b533034475f
- SHA512
  
  da53cdc6380854f54abea0a9917220dbf20dca448365eaa17a344eba2b1976aeac0f57acbd6244f5c001b3fb1e6e5d94e4fa6ab0ce4a844856e4d1189d98fffd
Score

8^/10

discovery exploit
- Blocklisted process makes network request
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexploit

behavioral2

discoveryexploit