General

  • Target

    15102024_0114_DHL_Shipping_Invoices_Awb_0000000.vbs.zip

  • Size

    9KB

  • Sample

    241015-bl52rszfkj

  • MD5

    44d9892ea960ae92993b3b0df5610895

  • SHA1

    c77a70670b7b35e472083a037d6339a1cad2c3d2

  • SHA256

    64fd88ac9100e0b2d1f851fbd7574f1cd1ef32d169f1fd66aaf634cbf0a605c9

  • SHA512

    2d40a6990fb254d7bfeab134e9f49107000c99753d44bfcb95983fd10f5c4b58908a97882dc87ccc3751d30efd469c1066a5ae300346088daf2e61338a7feece

  • SSDEEP

    192:JAbAD4XGP5uaSUH++jsbQeTOueTIKw1cEU++F3VXhmTyLK:JAbi4XGhuU7jYp1cc+n/K

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper

    https://drive.google.com/uc?export=download&id=

Targets

    • Target

      DHL_Shipping_Invoices_Awb_0000000.vbs

    • Size

      544KB

    • MD5

      f757be4bc8889174f9c6c45d6302e00d

    • SHA1

      07028abbc63ce0ab275c0b495451c38c3f686358

    • SHA256

      42f3a74c4a534ce4ac65b5e14474a905e8fbdcab70cc6d330ef763062b80a2a4

    • SHA512

      8420a5fd3bc27a7ce403b989db088e40d1fdd7a8010159d9e3973160719dc0e32bc31500dc98d3a8ea020138f888d2a5013d7f57f0668b94cbf46b46de15a130

    • SSDEEP

      1536:155555555555555555bMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMg:A

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
