db4c6801d043451b73355b5d2e95c5f12258b8c5e0380064f8d3aec1b97ae2b3 | Triage

Sharing

General

Target

db4c6801d043451b73355b5d2e95c5f12258b8c5e0380064f8d3aec1b97ae2b3.vbs
Size

4KB
Sample

241002-b2ql1svbmb
MD5

8a8dcd40a5967be6b3c532fe608125ad
SHA1

b366cbfb71de60d0b9274dcb442dcc5b899c7fa1
SHA256

db4c6801d043451b73355b5d2e95c5f12258b8c5e0380064f8d3aec1b97ae2b3
SHA512

a6e04c084a2a332bf0ae680a95d4932068f552e4915edbfd58facff5b6fb3826b071243c9d03ab3d2fbbd7880272ca5aa92356faef0fd9833baa5cd417326d60
SSDEEP

96:iAOyxY2UJlJro6HFAxzc/vO3YFIbCh0JCrcIjxuS4AAJ/kncs7:l9xY2v6lAWuIFoMDcSo/LI

Score

8^/10

Malware Config

Targets

- Target
  
  db4c6801d043451b73355b5d2e95c5f12258b8c5e0380064f8d3aec1b97ae2b3.vbs
- Size
  
  4KB
- MD5
  
  8a8dcd40a5967be6b3c532fe608125ad
- SHA1
  
  b366cbfb71de60d0b9274dcb442dcc5b899c7fa1
- SHA256
  
  db4c6801d043451b73355b5d2e95c5f12258b8c5e0380064f8d3aec1b97ae2b3
- SHA512
  
  a6e04c084a2a332bf0ae680a95d4932068f552e4915edbfd58facff5b6fb3826b071243c9d03ab3d2fbbd7880272ca5aa92356faef0fd9833baa5cd417326d60
- SSDEEP
  
  96:iAOyxY2UJlJro6HFAxzc/vO3YFIbCh0JCrcIjxuS4AAJ/kncs7:l9xY2v6lAWuIFoMDcSo/LI
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2