General

  • Target

    da78b6a3b5c884402e96f23552ee698fa93eeb0f3f2d5000c4eacceb3e0e9200.vbs

  • Size

    252KB

  • Sample

    241002-d22qdsyena

  • MD5

    9503d35044eaa634d441efcd5f0426fb

  • SHA1

    b201d07cbbd3050d66f1354585ab05751ff126ac

  • SHA256

    da78b6a3b5c884402e96f23552ee698fa93eeb0f3f2d5000c4eacceb3e0e9200

  • SHA512

    96a7bf85e9db2946d3b82b611a130030c569909ca4f9b4779cabe64be79e830afcdbb4246f3f7743abdd3a526195a022a07faf116b4df3556342e99a45bd2d62

  • SSDEEP

    6144:fNApeDCCDlXetMRebQwWtUWBbd5dgufzibtf7q6dTe9:lApeDC2lXetMR6QRtrbd5KufziZ7Rda9

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

exe.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

Targets

    • Target

      da78b6a3b5c884402e96f23552ee698fa93eeb0f3f2d5000c4eacceb3e0e9200.vbs

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
