17a4c226b67f9fd1834cd160bc8804cea29fa839b4e222dc038bf81d320dee70 | Triage

Sharing

General

Target

19092024_0653_Scanned Purchase Inquiry.vbs.zip
Size

3KB
Sample

240919-hnmfrswcjd
MD5

f9922b260918a8e2a5f2fd316928739f
SHA1

57bee540a243ec89a192df8a6e774870829f50e4
SHA256

17a4c226b67f9fd1834cd160bc8804cea29fa839b4e222dc038bf81d320dee70
SHA512

d780290ad5d7ece29ce9ec216f83f01f0ec1b98d511badf8b9bed9663c743949fb686ae56177a0d41bbd34f8a1d84e30977857ef24ffb7db0aeb2ba9fb61496f

Score

8^/10

Malware Config

Targets

- Target
  
  Scanned Purchase Inquiry.vbs
- Size
  
  6KB
- MD5
  
  e591827fd78724ea077dbcab839877fa
- SHA1
  
  5e976d2ae49fb4e220cf59ddad3cfd6d45c3f37e
- SHA256
  
  2342f9df70eed24aaba57e7a230fd8759fe97ccb97ac42735f174bbea6df1ee9
- SHA512
  
  a2b7592f1c174d40470d3ce7ae9c959b2a20bc0bcd451504260cd86c2b14a0184c85cd52d80b9ac2baa4e1a9277f6a46b82b0c82701bd1a77cb645c23b5d3441
- SSDEEP
  
  96:lmXU2FvTJj01wG8wau6OZvlAA85fs9rXsYKIqIx1Xqn71eYjfnLn+h:lmk2VTJqwXurAu9gGX1u71eA+h
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2