General
Target: SM25.vbs
Size: 996B
Sample: 210408-9mmbtm28kx
MD5: 0bafdab6b8c7bfc2867f8a8ff1437c40
SHA1: eb624db807094865eb14504f323301a0fd2cd95e
SHA256: 7a74348cfdcf7d37e88f264c0b9a50b5b9cbec188ca02da0bcca6f054a1b183e
SHA512: 9f77c88356140e7433ffcbb2ffd40f013dfa3fb962fdf17afcccc26a274b11eb45c778136d9f1c3054a5f437eb238ab081d19f58482efea550bab410838c5e65
Static task: static1
Behavioral task: behavioral1
Sample: SM25.vbs
Resource: win7v20201028
Behavioral task: behavioral2
Sample: SM25.vbs
Resource: win10v20201028
Malware Config
Targets
Target
SM25.vbs
Score: 8/10
Blocklisted process makes network request
Drops startup file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext