31b128f2442aa4c58503cb299f8ecf391119a3104aef762537061182c95537ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31b128f2442aa4c58503cb299f8ecf391119a3104aef762537061182c95537ad.wsf
Size

3KB
Sample

240925-bvg2aswhmj
MD5

a1373c64ddc49fd6affb0438cfc8221f
SHA1

d3ae82986edcbb76a81bfe8db65ed41a59624ec1
SHA256

31b128f2442aa4c58503cb299f8ecf391119a3104aef762537061182c95537ad
SHA512

e67352eba46223b8497bb4e1d029c8c06542b8491dde978ca10b009529e7fa37298e8c5bcf6e02769f2dd7857df61c404a51c9f8e06c99e8e24c53c418c97b48

Score

8^/10

Malware Config

Targets

- Target
  
  31b128f2442aa4c58503cb299f8ecf391119a3104aef762537061182c95537ad.wsf
- Size
  
  3KB
- MD5
  
  a1373c64ddc49fd6affb0438cfc8221f
- SHA1
  
  d3ae82986edcbb76a81bfe8db65ed41a59624ec1
- SHA256
  
  31b128f2442aa4c58503cb299f8ecf391119a3104aef762537061182c95537ad
- SHA512
  
  e67352eba46223b8497bb4e1d029c8c06542b8491dde978ca10b009529e7fa37298e8c5bcf6e02769f2dd7857df61c404a51c9f8e06c99e8e24c53c418c97b48
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2