General
-
Target
DOCUMENTO_BANCARIO_APROBACION_MULTA_INMEDIATA_ad18184298489184ff189418941894ca189491841948ff48194919848ca5848919848484911555458_INFORMACION_COMPLETA_pdf.vbs
-
Size
12KB
-
Sample
241120-x7xs6swnhj
-
MD5
8825e4591cadaec1fb1d0082f84c2398
-
SHA1
39fca0a522686f7b9b2b9dc5e5874aebcf231159
-
SHA256
61db47c10daf54a56360bbfa26f2127a31fadfc766220384eff41153d31d23fa
-
SHA512
d5b9c70136aaef8ca9aa1dfb32225632b69de90310ba4f9dcf35567ed58cfd6da8a6fbede4714a19ff41310af0e04bc54c7c6a95060840918efc5a31893fa2c9
-
SSDEEP
96:J86ymyaynXnLbv+mfupmtsgOgjAC9LFgtYif8fTFsgH2vX5bUdnL7vcumuZ4Y5Wx:JttRS/GpqDzj1eUhDH2Rb8RX1GHRkfkx
Malware Config
Extracted
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
Targets
-
-
Target
DOCUMENTO_BANCARIO_APROBACION_MULTA_INMEDIATA_ad18184298489184ff189418941894ca189491841948ff48194919848ca5848919848484911555458_INFORMACION_COMPLETA_pdf.vbs
-
Size
12KB
-
MD5
8825e4591cadaec1fb1d0082f84c2398
-
SHA1
39fca0a522686f7b9b2b9dc5e5874aebcf231159
-
SHA256
61db47c10daf54a56360bbfa26f2127a31fadfc766220384eff41153d31d23fa
-
SHA512
d5b9c70136aaef8ca9aa1dfb32225632b69de90310ba4f9dcf35567ed58cfd6da8a6fbede4714a19ff41310af0e04bc54c7c6a95060840918efc5a31893fa2c9
-
SSDEEP
96:J86ymyaynXnLbv+mfupmtsgOgjAC9LFgtYif8fTFsgH2vX5bUdnL7vcumuZ4Y5Wx:JttRS/GpqDzj1eUhDH2Rb8RX1GHRkfkx
Score10/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-