General

  • Target

    bdfaa3e1970caa4d35634a187f689144_JaffaCakes118

  • Size

    3KB

  • Sample

    240824-f76mmsvhjd

  • MD5

    bdfaa3e1970caa4d35634a187f689144

  • SHA1

    a451d748f61e59ac2d394f54524fc82e1bc0cd41

  • SHA256

    75d8e6a55d21939640eecaffe70bad66e3780236c44a98293eac67d605d85040

  • SHA512

    60b6bf619c4e302501244eca33e82cf1a6b6f9467e86e05fb9fe92fc55f3a06054d2cc70121aeccbb216559e0adfe325306832b705273777efee1dc7206235cf

Score
8/10

Targets

    • Target

      Scan0419.vbs

    • Size

      11KB

    • MD5

      ac4457e838f65a4f868a7590fb2c4fe1

    • SHA1

      12b195496ef60aa392a516fc622f6516dd9eb2a3

    • SHA256

      ebcb8d3ec64375330d5a4ebfc2a79af796f893da2619f6f72402e7a0926e4bf0

    • SHA512

      3ba6ad197d343eb0b432216e29a69a1e6c46d0e09796763b47b269f4f8e88d7cb9c308bc88da187406f5e83b11bd5e0eef90feaddaf897eaca12a327cf1c04c4

    • SSDEEP

      192:qa9zlk3GknnznQve8Hi1mbQc+zE4pG6/IGx/GGPGQGqGuGEo5GQwP/5llHniSds/:qa9BkjnzQve8HkmbQc+To5GQwn5ldiSS

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
