8da5ed79da8da8c5521a238f05bb61bd1e48c59fab0bee7758fc11c163142396 | Triage

Sharing

General

Target

8da5ed79da8da8c5521a238f05bb61bd1e48c59fab0bee7758fc11c163142396.vbs
Size

73KB
Sample

241002-bs7tyazfpl
MD5

3f5e0a8b0d1ac0143d359bcb63171066
SHA1

7f6368b52a021340768f61ae047d88c7e6d4add3
SHA256

8da5ed79da8da8c5521a238f05bb61bd1e48c59fab0bee7758fc11c163142396
SHA512

a2a351604fd741bdb95f74836aad27de590eb96857413da9187071c37cc6efd5b261057cd6bec5b4df94d9dc61d3179d4a8a37a4e23b0d5279ba254e83b3f5b3
SSDEEP

1536:sC1DjneW/+yAxEfH8YQO2+VjuNaU7CGTE4+6GDoQVYf:sC1v/3A+fRVji7CW9dGGf

Score

8^/10

execution

Malware Config

Targets

- Target
  
  8da5ed79da8da8c5521a238f05bb61bd1e48c59fab0bee7758fc11c163142396.vbs
- Size
  
  73KB
- MD5
  
  3f5e0a8b0d1ac0143d359bcb63171066
- SHA1
  
  7f6368b52a021340768f61ae047d88c7e6d4add3
- SHA256
  
  8da5ed79da8da8c5521a238f05bb61bd1e48c59fab0bee7758fc11c163142396
- SHA512
  
  a2a351604fd741bdb95f74836aad27de590eb96857413da9187071c37cc6efd5b261057cd6bec5b4df94d9dc61d3179d4a8a37a4e23b0d5279ba254e83b3f5b3
- SSDEEP
  
  1536:sC1DjneW/+yAxEfH8YQO2+VjuNaU7CGTE4+6GDoQVYf:sC1v/3A+fRVji7CW9dGGf
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2