7a74348cfdcf7d37e88f264c0b9a50b5b9cbec188ca02da0bcca6f054a1b183e | Triage

Submit
Reports

Overview

overview

8

Static

static

SM25.vbs

windows7_x64

8

SM25.vbs

windows10_x64

8

Sharing

General

Target

SM25.vbs
Size

996B
Sample

210408-9mmbtm28kx
MD5

0bafdab6b8c7bfc2867f8a8ff1437c40
SHA1

eb624db807094865eb14504f323301a0fd2cd95e
SHA256

7a74348cfdcf7d37e88f264c0b9a50b5b9cbec188ca02da0bcca6f054a1b183e
SHA512

9f77c88356140e7433ffcbb2ffd40f013dfa3fb962fdf17afcccc26a274b11eb45c778136d9f1c3054a5f437eb238ab081d19f58482efea550bab410838c5e65

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

SM25.vbs

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SM25.vbs

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SM25.vbs
- Size
  
  996B
- MD5
  
  0bafdab6b8c7bfc2867f8a8ff1437c40
- SHA1
  
  eb624db807094865eb14504f323301a0fd2cd95e
- SHA256
  
  7a74348cfdcf7d37e88f264c0b9a50b5b9cbec188ca02da0bcca6f054a1b183e
- SHA512
  
  9f77c88356140e7433ffcbb2ffd40f013dfa3fb962fdf17afcccc26a274b11eb45c778136d9f1c3054a5f437eb238ab081d19f58482efea550bab410838c5e65
Score

8^/10
- Blocklisted process makes network request
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy