ef18b54b8f37d475de25d891221866bb252f710f141a5107f9ba39fb110fc0d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef18b54b8f37d475de25d891221866bb252f710f141a5107f9ba39fb110fc0d7.vbs
Size

487KB
Sample

241001-cawjmayhnc
MD5

d969df11d11c9dfafbe27aacd81dcb82
SHA1

83748eb8a719110829c744930c7a0b88d8c1f107
SHA256

ef18b54b8f37d475de25d891221866bb252f710f141a5107f9ba39fb110fc0d7
SHA512

16898deedbe29ba6e2038ad4e731d55330f03330e83ecc104b0c7cdca5a09e8d1c08e04d3833ef50cd679b9cf218190d2ea243c253999a2b209e68df0d8895a8
SSDEEP

12288:GrKtbKUS3qE5jBQPwTcsG/O9bt6cUo0yXlBmpjB2taz5xgpf07UgLO9jT5KT1yYz:GAYN7GGl6AyS+

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

exe.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

- Target
  
  ef18b54b8f37d475de25d891221866bb252f710f141a5107f9ba39fb110fc0d7.vbs
- Size
  
  487KB
- MD5
  
  d969df11d11c9dfafbe27aacd81dcb82
- SHA1
  
  83748eb8a719110829c744930c7a0b88d8c1f107
- SHA256
  
  ef18b54b8f37d475de25d891221866bb252f710f141a5107f9ba39fb110fc0d7
- SHA512
  
  16898deedbe29ba6e2038ad4e731d55330f03330e83ecc104b0c7cdca5a09e8d1c08e04d3833ef50cd679b9cf218190d2ea243c253999a2b209e68df0d8895a8
- SSDEEP
  
  12288:GrKtbKUS3qE5jBQPwTcsG/O9bt6cUo0yXlBmpjB2taz5xgpf07UgLO9jT5KT1yYz:GAYN7GGl6AyS+
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2