General

  • Target

    7bbf8390e8929f39b6dc12cd72bf1f27149fa013e474cee58d0beccfd8ff0478

  • Size

    270KB

  • Sample

    240919-dwqqyaybla

  • MD5

    86411a51ce00b455f29fd7fb32b8c938

  • SHA1

    6638e7675ff1e09284e32b9656e6eb1bd4ef71a2

  • SHA256

    7bbf8390e8929f39b6dc12cd72bf1f27149fa013e474cee58d0beccfd8ff0478

  • SHA512

    90b87aa667d329875444cc8643b32a88fd9d0df546f90cab66688b0a6508e6881c88c8996273e55a6bd3005c0efe77cc41a4b01078ad1acf9e10f8d5b70da42d

  • SSDEEP

    3072:0cmg0Bf8A+9999999999999999999999999999999999999999999N:0c/

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (ps1.dropper)

    https://pastebin.com/raw/fNYFJXVy

Targets

    • Target

      7bbf8390e8929f39b6dc12cd72bf1f27149fa013e474cee58d0beccfd8ff0478

    • Size

      270KB

    • MD5

      86411a51ce00b455f29fd7fb32b8c938

    • SHA1

      6638e7675ff1e09284e32b9656e6eb1bd4ef71a2

    • SHA256

      7bbf8390e8929f39b6dc12cd72bf1f27149fa013e474cee58d0beccfd8ff0478

    • SHA512

      90b87aa667d329875444cc8643b32a88fd9d0df546f90cab66688b0a6508e6881c88c8996273e55a6bd3005c0efe77cc41a4b01078ad1acf9e10f8d5b70da42d

    • SSDEEP

      3072:0cmg0Bf8A+9999999999999999999999999999999999999999999N:0c/

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks