b5682f78db9fa635d820b9d33ee8e5dc4ec20766865335a927ec9d4b049b0c55 | Triage

Sharing

General

Target

tyumon_vbs.zip
Size

11KB
Sample

241004-jz1m7sshkm
MD5

b35c535fe29249de20d74147035378c8
SHA1

2273dfd20fb2336affa4f1f90d09ec56614d3c4a
SHA256

b5682f78db9fa635d820b9d33ee8e5dc4ec20766865335a927ec9d4b049b0c55
SHA512

008f6833843e7d9033501339f765cbba0a1f6410a1abf98a2f4d2ea25c4636453a6eff23d3983ff37b4d76b8c82a0d7a010c592d73fa1f59a7ca1a5a86b7214e
SSDEEP

192:Ts10bl9FMagrVGHXk/okIyFoGZgYnWDMw2ar8cvryeYwXvFcZHxFit3aww5kB8JE:Ts1WXgrV+U///ZvnW/XjqweRFitqh5t+

Score

10^/10

defense_evasion execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=

Extracted

Credentials

Protocol: ftp
Host:
ftp.desckvbrat.com.br
Port:
21
Username:
desckvbrat1
Password:
developerpro21578Jp@@

Targets

- Target
  
  bbe996677004e41892ef43be26231157cda3f364730f1af522dbdca9816e03a3
- Size
  
  562KB
- MD5
  
  29234d373b3118d99da44ae211f227a5
- SHA1
  
  f084f4248be8e1e13e4c6ddf5388e7eafc4a6b4a
- SHA256
  
  bbe996677004e41892ef43be26231157cda3f364730f1af522dbdca9816e03a3
- SHA512
  
  d434084bf1b635b527ac6b715a8a22202387699a522c759265f6e7f01e369cefeec62c87b582a2ad29711c7524af15c5d66b45cd038732cad44df3ab3e97c1f7
- SSDEEP
  
  1536:kmmmmmmmmmmmmmmmmmmyFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFl:pP
Score

10^/10

execution defense_evasion
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasionexecution