e5ddae23eb8d248fb190371808ab28d20485a16f2eb0fc238a1fb812f3c52c91 | Triage

Submit
Reports

Overview

overview

8

Static

static

FQ45.vbs

windows7_x64

8

FQ45.vbs

windows10_x64

8

Sharing

General

Target

FQ45.vbs
Size

996B
Sample

210408-7xfvk1xtr2
MD5

7c5cdd80461494fe18eae20726676f01
SHA1

9d4ba6a01448c36043854f6a13a5922480c6a26f
SHA256

e5ddae23eb8d248fb190371808ab28d20485a16f2eb0fc238a1fb812f3c52c91
SHA512

9c54062fd3cc99467613562bac1dc29b477492c3ce8b07a1c289c1c4099a036ddcd00c5a0992244d17afda0ee9cb4d308a022c7d4993e64423a46470af64e93c

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

FQ45.vbs

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FQ45.vbs

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FQ45.vbs
- Size
  
  996B
- MD5
  
  7c5cdd80461494fe18eae20726676f01
- SHA1
  
  9d4ba6a01448c36043854f6a13a5922480c6a26f
- SHA256
  
  e5ddae23eb8d248fb190371808ab28d20485a16f2eb0fc238a1fb812f3c52c91
- SHA512
  
  9c54062fd3cc99467613562bac1dc29b477492c3ce8b07a1c289c1c4099a036ddcd00c5a0992244d17afda0ee9cb4d308a022c7d4993e64423a46470af64e93c
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy