e5e5397c47989a79e8f633ad808816699500cf461addb819768b1a26ef02247f | Triage

Sharing

General

Target

Quotation request YN2024-10-07pdf.vbs
Size

543KB
Sample

241009-l3cfwssaje
MD5

b451bbcd915ef91e894f74a26a6d11fb
SHA1

e0fbce292efdb6c2c84813723f24a36fc1aa11dc
SHA256

e5e5397c47989a79e8f633ad808816699500cf461addb819768b1a26ef02247f
SHA512

e52cce64c2df9d24737af4dc14d9b149698d88fe89333dbe775fab9349fa955cb973921c5f1f73eb34b37886e94ee5b86be13938ff9c5d220f604d8e139e9361
SSDEEP

1536:CJJJJJJJJJJJJJJJJJ7ssssssssssssssssssssssssssssssssssssssssssss9:M

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=

Targets

- Target
  
  Quotation request YN2024-10-07pdf.vbs
- Size
  
  543KB
- MD5
  
  b451bbcd915ef91e894f74a26a6d11fb
- SHA1
  
  e0fbce292efdb6c2c84813723f24a36fc1aa11dc
- SHA256
  
  e5e5397c47989a79e8f633ad808816699500cf461addb819768b1a26ef02247f
- SHA512
  
  e52cce64c2df9d24737af4dc14d9b149698d88fe89333dbe775fab9349fa955cb973921c5f1f73eb34b37886e94ee5b86be13938ff9c5d220f604d8e139e9361
- SSDEEP
  
  1536:CJJJJJJJJJJJJJJJJJ7ssssssssssssssssssssssssssssssssssssssssssss9:M
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2