ff6e5b04064c63dd80619d02c242c856bbf4e1f94ab230ca74817c3aa471ece4 | Triage

Sharing

General

Target

Savyi
Size

60KB
Sample

241031-vmbdbssrfp
MD5

caf142ae86793cd64c2947889f57ce28
SHA1

3c41375b1ee78c89b581b3d2a2aea42f895caab6
SHA256

ff6e5b04064c63dd80619d02c242c856bbf4e1f94ab230ca74817c3aa471ece4
SHA512

99eef70a65338f8147b9f5400ce3f49475140eb20d406c1cef0014abcd812ba0da5d94c5b61bd6deb0376ded7331fa1b4367283de86dd5f2edb7d215f4be6608
SSDEEP

1536:IHXpEjO9Xwq2Sk6e2Nhxdd5pdLv+lIXQXdE4QmuWOMP3HXpEjO9Xwq2Sk6e2Nhx6:IHXp+q62Nhxdd5pdq6k91HXp+q62Nhx6

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  Savyi
- Size
  
  60KB
- MD5
  
  caf142ae86793cd64c2947889f57ce28
- SHA1
  
  3c41375b1ee78c89b581b3d2a2aea42f895caab6
- SHA256
  
  ff6e5b04064c63dd80619d02c242c856bbf4e1f94ab230ca74817c3aa471ece4
- SHA512
  
  99eef70a65338f8147b9f5400ce3f49475140eb20d406c1cef0014abcd812ba0da5d94c5b61bd6deb0376ded7331fa1b4367283de86dd5f2edb7d215f4be6608
- SSDEEP
  
  1536:IHXpEjO9Xwq2Sk6e2Nhxdd5pdLv+lIXQXdE4QmuWOMP3HXpEjO9Xwq2Sk6e2Nhx6:IHXp+q62Nhxdd5pdq6k91HXp+q62Nhx6
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution

behavioral3

discoveryexecution

behavioral4

discoveryexecution