f1d2e2c963c5f1a6a4a701ede11e8c438d4e4e200111861f63d150a5dd95680d | Triage

Sharing

General

Target

f1d2e2c963c5f1a6a4a701ede11e8c438d4e4e200111861f63d150a5dd95680d
Size

49KB
Sample

241031-j62tvavdqr
MD5

2bb3ca733b8778fdd40c972cdffda75d
SHA1

08a381ad027376a3f026ddf4d7bd27d5ed076c0d
SHA256

f1d2e2c963c5f1a6a4a701ede11e8c438d4e4e200111861f63d150a5dd95680d
SHA512

194e0a77b6b94faf97b8036f711e8235a16724fbfe61631735fe3fe66fd123aac5e71ad3a74006692186616ff7580d0d6c4212fdd72111cca55d0aa7580c33d8
SSDEEP

768:F6WXsV6IhF8q4WnuxtarR5PaivhKnIKIf25skYtu57HaLhZ1t4W63xYGxC/qL:IN6Ih2Vx6aivhKnIvf4aLhnt4W6YGoqL

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  Prośba o wycenę - katalog przykładowy.vbs
- Size
  
  156KB
- MD5
  
  3655ed4ac8786b349f6c824ef9fbf58c
- SHA1
  
  a2c6abe2e04a0c5548288ffdaf4a9c27bc644d0b
- SHA256
  
  52bc69a2c50c4bc07047508511fe4e7c17b3f380ac3a6a2f5229330b0b1a6980
- SHA512
  
  1792ca76e88342a853ffd6f35cf53956d36178811b411361a5f15499570f02d225c53e83fc4d0b3c85ce1d4009466dc289c0fbeba1984da838110eb9e6519a48
- SSDEEP
  
  3072:xiHtveXendAy3yrLRKm+ay3tJuj8Sq2qb0M240PCOLvAtK3qfBHqnSBu46:xiHtveXendAy3yrslay3tJuj8Sq2qb0X
Score

8^/10

discovery
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3