8e77a55f8b5baea2e55a7304ef01d1bc3750d8e2d453c49be52501e38b993ace

Resubmissions

18-12-2024 21:04

241218-zwqlts1pfw 10

18-12-2024 20:51

241218-znakmsskek 10

16-12-2024 23:23

241216-3c8vvatqdm 10

Sharing

Copy URL

Twitter E-mail

General

Target

72165d54d7e77e68ec5263d8ea9f5041.WSF
Size

30KB
Sample

241218-zwqlts1pfw
MD5

72165d54d7e77e68ec5263d8ea9f5041
SHA1

10c21f74c5b3f7b7807b6699f7abf00078521b8f
SHA256

8e77a55f8b5baea2e55a7304ef01d1bc3750d8e2d453c49be52501e38b993ace
SHA512

5e8fb5f8a6f14fd42826271bc6b84da2d636e85a1bfe1f478a0bd2c309b5bd1e9ab98d03606aba3abbaad335a10f0fcbd713c13f9ff89e5be04148e965f267bd
SSDEEP

96:zJAkdWKWiXW2W2WDAgFOPBAFFOPBAFFOPBAFFOPBAFFOPBAFFOPBAFFOPBAFFOPu:XPPPPPPPPDL2PPPPPPPPPPPPPPPPf

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://desckvbrat.com.br/Upcrypter/01/DLL01.txt

exe.dropper

https://drive.google.com/uc?export=download&id=

exe.dropper

https://desckvbrat.com.br/Upcrypter/01/DLL01.txt

Targets

- Target
  
  72165d54d7e77e68ec5263d8ea9f5041.WSF
- Size
  
  30KB
- MD5
  
  72165d54d7e77e68ec5263d8ea9f5041
- SHA1
  
  10c21f74c5b3f7b7807b6699f7abf00078521b8f
- SHA256
  
  8e77a55f8b5baea2e55a7304ef01d1bc3750d8e2d453c49be52501e38b993ace
- SHA512
  
  5e8fb5f8a6f14fd42826271bc6b84da2d636e85a1bfe1f478a0bd2c309b5bd1e9ab98d03606aba3abbaad335a10f0fcbd713c13f9ff89e5be04148e965f267bd
- SSDEEP
  
  96:zJAkdWKWiXW2W2WDAgFOPBAFFOPBAFFOPBAFFOPBAFFOPBAFFOPBAFFOPBAFFOPu:XPPPPPPPPDL2PPPPPPPPPPPPPPPPf
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Drops startup file

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2