aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8 | Triage

Sharing

General

Target

aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8.vbs
Size

4KB
Sample

241002-bw5trazhjr
MD5

a6e8ec20954128687a0534917c8f9ddd
SHA1

c0bac2548af02d37b18b16bddb39ccd9ea5f0cc2
SHA256

aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8
SHA512

fbc0c1d14c95404731957278809f90295c31447fb08db21b823aa60836e0cb4831967078f21bdb6ca039eac24022e4628cea3007f74a34b553ca138b7d03513d
SSDEEP

96:iAOyxY2UJlJro6HFAxzc/vO3YFIbCh0JCrcIjxuS4AAJ/kncsd:l9xY2v6lAWuIFoMDcSo/Li

Score

8^/10

Malware Config

Targets

- Target
  
  aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8.vbs
- Size
  
  4KB
- MD5
  
  a6e8ec20954128687a0534917c8f9ddd
- SHA1
  
  c0bac2548af02d37b18b16bddb39ccd9ea5f0cc2
- SHA256
  
  aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8
- SHA512
  
  fbc0c1d14c95404731957278809f90295c31447fb08db21b823aa60836e0cb4831967078f21bdb6ca039eac24022e4628cea3007f74a34b553ca138b7d03513d
- SSDEEP
  
  96:iAOyxY2UJlJro6HFAxzc/vO3YFIbCh0JCrcIjxuS4AAJ/kncsd:l9xY2v6lAWuIFoMDcSo/Li
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2