Extracted

Extracted

• • Target

    ATT000211189221100.vbs

  • Size

    550KB

  • MD5

    f4c17c1f9588b303483c9179052b6ff4

  • SHA1

    3b2a424c407a7908e6c697bb18e710dd3118d725

  • SHA256

    06d4033beea299846b24d41f118f1f6469e0cd8a9a04818f1a618afe80a722a8

  • SHA512

    2486f796f967527650f5b0883614d65506b73b4b7ee23db9d69278852562ccf90b7d916605871aa545c24960e7cc7ede58fbb1be2ae193e57a3141cc61db29b7

  • SSDEEP

    1536:pBBBBBBBBBBBBBBBBBY////////////////////////////////////////////M:8pU

  Score

  10^/10

  executiondefense_evasion

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2