General
-
Target
c51c3a96a3996b15509ad31cc4134630.UU
-
Size
7KB
-
Sample
241031-sht9jasjek
-
MD5
c51c3a96a3996b15509ad31cc4134630
-
SHA1
dedfcebf031eebf287e8aef913d1df060fa24664
-
SHA256
0f891dda9a78f5f13f64c36c85b931bbc9bcdd2ca0085a66a917b8cbed5547c0
-
SHA512
72738e81defc1e9359d5d74e1f4597b8cbf69688574e698206006ccbec62daec2f35e8de050e8dc3eec583a29bfcae0f223cd216611e4792305c5ca779fd93d5
-
SSDEEP
192:TUd314ruXwtSzFsE8Y3dvq6/NVghu+mkTVAh0:Ad3GCwtTE8Y3FmukL
Static task
static1
Behavioral task
behavioral1
Sample
Ad090512515541511555,PDF.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Ad090512515541511555,PDF.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://pastebin.com/raw/J6uRjZrv
Targets
-
Target
Ad090512515541511555,PDF.vbs
-
Size
14.3MB
-
MD5
5565dd9e27b8d9d3f2c22656193a6a1c
-
SHA1
f41e89954e0dab2bd7139d5b89a2f80060487a17
-
SHA256
ec3753896e7a796986bdb9533cfb19481dd02e454fafad31c3c0f026da895afd
-
SHA512
966ad4fd2fcdcd1bd701a22a391db1ca8beb2af7309cbd49bdf0608b880bbfce3c03f83e9a9342af656d69fe1830526a4118491f83b927a6b34550a96e636f78
-
SSDEEP
1536:lyyyyyyyyyyyyyyyyyyyyyyyryyyyyyyyyyyyyyyyyyyyyyycyyyyyyyyyyyyyyD:2Z5b
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-