cc96717b14c851a477981e752753bc595dc13713fe222a6d361b0ec15e3fdbc3 | Triage

Sharing

General

Target

16102024_0739_DHL_Shipping_Invoices_Awb_000000000101520242247820020031808174Global180030010152024.bat.zip
Size

645B
Sample

241016-jg4bdatglj
MD5

1b7ce9725d6ee5da93f8e0b19d47ef4d
SHA1

9e92f6c2e2c70d39d17b03acb4472132d2d849a8
SHA256

cc96717b14c851a477981e752753bc595dc13713fe222a6d361b0ec15e3fdbc3
SHA512

f8ee9e70e58370224bb613d289629075f0adcdb11f5254839a4136e3dea074c2fd1a38dded06e91a748665d766584c0cf9bb1d7c5a8489a615c3aebfff1b8180

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://in-houselegal.ro/YwDS3/calculators.vbs

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=

Targets

- Target
  
  DHL_Shipping_Invoices_Awb_000000000101520242247820020031808174Global180030010152024.bat
- Size
  
  542B
- MD5
  
  415f82e7ccaa07c5907805687a010209
- SHA1
  
  b9816a469c59fafb92b921a75bebecb9935277ad
- SHA256
  
  ef6cf434471b7ab9a035d09dcf5c5685e7c38afc6301b337c9531bfdae73bb83
- SHA512
  
  2f51a1a91dd6c86f00d7c3076ba8f1883ac714dc5d0f875f6ed38aa2ccc74511af6a6d848e01da56041c3e4cbad1bf8ac025a6b413369e1bd9e0446f7e144753
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution