General
-
Target
Sign100000120001.zip
-
Size
91KB
-
Sample
241220-nydt9svrat
-
MD5
e263c3f05541b1e980a0a2786291a881
-
SHA1
00328067fb61d36ea3b4582affdd934388269690
-
SHA256
83c42273c86a72a1ca3c7ca04e2460711c55abd5bb683eae71d54f0ba38d49fc
-
SHA512
d2998d9138cdae3c6c463d940d4a8dfd55782ee15cd581504afc51889e75564246e74ffaa9d2f8a6095f052187a8a08e90349cad3be2f0c79dd3079843c2fb5e
-
SSDEEP
1536:EBBBBBBBBB/Fzpy8G/nBBBBBBBBBBBBBBBBl:EBBBBBBBBBOBBBBBBBBBBBBBBBBl
Static task
static1
Behavioral task
behavioral1
Sample
Sign100000120001.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Sign100000120001.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://desckvbrat.com.br/Upcrypter/01/DLL01.txt
https://drive.google.com/uc?export=download&id=
Targets
-
Target
Sign100000120001.vbs
-
Size
91KB
-
MD5
a7852939ea4eff9943163f2df44d425b
-
SHA1
500c33c8aea15e777dfe79d684e91d60e053eca2
-
SHA256
77b2713d68eaf0dd8c74bcaa12d8c15a3bcb26eb5784f28169b14351c0a2fc45
-
SHA512
6dac1d7dea7e5a6040df6e8d386e7ea1712060171a34200de9707447b5a79751f6ca8730e274d0db8c335d16c48b03b379088bd4f7ff3dcb3a7722b2d266e2bd
-
SSDEEP
1536:vBBBBBBBBB/Fzpy8G/nBBBBBBBBBBBBBBBBB:vBBBBBBBBBOBBBBBBBBBBBBBBBBB
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-