48c37299c9515e8cf91ff1faa09135014ae7303a88aea29e1d2298398200617f | Triage

Sharing

General

Target

48c37299c9515e8cf91ff1faa09135014ae7303a88aea29e1d2298398200617f.vbs
Size

49KB
Sample

240829-bwgf6axalh
MD5

af84a827601b117c89f0fe2a30604669
SHA1

6844a66c86b23a67429aee33094ba33bc9c61fe6
SHA256

48c37299c9515e8cf91ff1faa09135014ae7303a88aea29e1d2298398200617f
SHA512

08ed82ae956a5e05e54da7699471808b18bc3c741bf401e12421a0be51a72a38fc250f2c47732159dd7ddd8c770203707ee74fc65fe8ad173d6da77853a38c70
SSDEEP

384:3TZMJWa0ExTcydcXtfKUg9EHfHAWcaaySJTFpuIDoGWKj0vfyFkMAqfhCDnXSP3D:Daj0ExAVg9KTwRubhwkAL

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  48c37299c9515e8cf91ff1faa09135014ae7303a88aea29e1d2298398200617f.vbs
- Size
  
  49KB
- MD5
  
  af84a827601b117c89f0fe2a30604669
- SHA1
  
  6844a66c86b23a67429aee33094ba33bc9c61fe6
- SHA256
  
  48c37299c9515e8cf91ff1faa09135014ae7303a88aea29e1d2298398200617f
- SHA512
  
  08ed82ae956a5e05e54da7699471808b18bc3c741bf401e12421a0be51a72a38fc250f2c47732159dd7ddd8c770203707ee74fc65fe8ad173d6da77853a38c70
- SSDEEP
  
  384:3TZMJWa0ExTcydcXtfKUg9EHfHAWcaaySJTFpuIDoGWKj0vfyFkMAqfhCDnXSP3D:Daj0ExAVg9KTwRubhwkAL
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution