08397cf6fd972e74c1be43021f5af0e60a031844b92d196b2e9f356e15eb4d12 | Triage

Sharing

General

Target

Request for Quotation MK FMHS.RFQ.10.24.vbs
Size

29KB
Sample

241015-h1jkms1fkc
MD5

4e4a0cf55522747307400f46995c785c
SHA1

6fba2e0b4fa0ada0c8d8a55a50b5e05e5a4668c1
SHA256

08397cf6fd972e74c1be43021f5af0e60a031844b92d196b2e9f356e15eb4d12
SHA512

71b1014af85207fa1e722238a10dc6511a01527eba1d75d3ce5ee166be83a704043772170572d659206f0f9e48ab56cdbcaedf979c42357a3f8dca3f83b8f174
SSDEEP

384:e5vxs5Mrgr9603OFTxLasx9I98I5xyeQAB+4vkpz215y5aYPVit:e5vxM9TOFTUsxi8CyTXQLWtit

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Request for Quotation MK FMHS.RFQ.10.24.vbs
- Size
  
  29KB
- MD5
  
  4e4a0cf55522747307400f46995c785c
- SHA1
  
  6fba2e0b4fa0ada0c8d8a55a50b5e05e5a4668c1
- SHA256
  
  08397cf6fd972e74c1be43021f5af0e60a031844b92d196b2e9f356e15eb4d12
- SHA512
  
  71b1014af85207fa1e722238a10dc6511a01527eba1d75d3ce5ee166be83a704043772170572d659206f0f9e48ab56cdbcaedf979c42357a3f8dca3f83b8f174
- SSDEEP
  
  384:e5vxs5Mrgr9603OFTxLasx9I98I5xyeQAB+4vkpz215y5aYPVit:e5vxM9TOFTUsxi8CyTXQLWtit
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2