2302e959d65c30ae1abd47d34d4e421bb629b9ab4a2ec04277170691bb5abefd | Triage

Sharing

General

Target

2302e959d65c30ae1abd47d34d4e421bb629b9ab4a2ec04277170691bb5abefd.vbs
Size

242KB
Sample

241002-dwxjgsycjg
MD5

adadc5d47f87dd519f9a7da9ba03daf5
SHA1

3de39ed4ff76305d9dc87b484bf2b78d7f332dbf
SHA256

2302e959d65c30ae1abd47d34d4e421bb629b9ab4a2ec04277170691bb5abefd
SHA512

93296d34e418a2885e2b9beb0c58078bb0d2f9ae7f27d39c6b404158e37d936efdd1ba10277ffbe5dc23a1bc26e0eb9d92e90a082ab7d44c4ffb39ff5d5ee1a0
SSDEEP

3072:KstfnxfYcd4gQu4Nl2YPfeesDvb7Ngt5pZGwRDaapS7emX8ANolXiZ+k+ugv/6xy:xfniUNYlMe6sAyY+uY6M/es

Score

10^/10

execution persistence

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

exe.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

- Target
  
  2302e959d65c30ae1abd47d34d4e421bb629b9ab4a2ec04277170691bb5abefd.vbs
- Size
  
  242KB
- MD5
  
  adadc5d47f87dd519f9a7da9ba03daf5
- SHA1
  
  3de39ed4ff76305d9dc87b484bf2b78d7f332dbf
- SHA256
  
  2302e959d65c30ae1abd47d34d4e421bb629b9ab4a2ec04277170691bb5abefd
- SHA512
  
  93296d34e418a2885e2b9beb0c58078bb0d2f9ae7f27d39c6b404158e37d936efdd1ba10277ffbe5dc23a1bc26e0eb9d92e90a082ab7d44c4ffb39ff5d5ee1a0
- SSDEEP
  
  3072:KstfnxfYcd4gQu4Nl2YPfeesDvb7Ngt5pZGwRDaapS7emX8ANolXiZ+k+ugv/6xy:xfniUNYlMe6sAyY+uY6M/es
Score

10^/10

execution persistence
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionpersistence