General

  • Target

    091ad0a637d37609e9eb9858c031094e2f8cf56dacba322de63c9b958887146f

  • Size

    100KB

  • Sample

    250128-svslgasqgz

  • MD5

    79a46f130d1c2a6c6cf974926ab51d0e

  • SHA1

    a3ff2d95ff7a2676f28d1360d946be22e698e027

  • SHA256

    091ad0a637d37609e9eb9858c031094e2f8cf56dacba322de63c9b958887146f

  • SHA512

    2665e625ab6a47d014a2a412fef58e93434fbb23854bb3a3b39b1f033bef63416ac5cb515937076ad46720ecf5a989f16eb7b057958d5f59a5474bbbb8c895a3

  • SSDEEP

    768:T77777777b1iwQUsHYr46rOaI7777777777777777A:kFb6rVN

Score
10/10

Malware Config

Extracted

  • Language:
    ps1
  • Source:
    exe.dropper
  • URLs:
    https://drive.google.com/uc?export=download&id=

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.desckvbrat.com.br
  • Port:
    21
  • Username:
    desckvbrat1
  • Password:
    fYudY1578@@@@@@

Targets

    • Target

      Sign2110021001.vbs

    • Size

      100KB

    • MD5

      9b25db0f28312df1763fa52abea0f4a3

    • SHA1

      9ed190a2750b37e65be92d021bd53054525eee2a

    • SHA256

      d8049d67b8154e329797c1565fb96a0d56be544e3226a6bf9037b70a30f00800

    • SHA512

      9698e3be2738c788cb0348ff047699d76e92e1339acdf3e5bbeb771f7d8bd0074a1c27c97b1ca35bac227a3e17c5887c207256542d3f39d4a2025427226890b9

    • SSDEEP

      768:877777777b1iwQUsHYr46rOaI7777777777777777A:pFb6rV9

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2
