General
-
Target
bc.vbs
-
Size
169KB
-
Sample
220219-12r8aadgb5
-
MD5
c8d448840522a0d83b0a8a32cfa50352
-
SHA1
98f1145de8f3cc1764451ff65fa1c7051280c455
-
SHA256
4ee7ce2fdad1a287ac5299129c80dfc3fedb2a5eb31a1af706d1fc466cb2839a
-
SHA512
0ff8e8b9cd33ec9973fc14e55acf1648a3e6f7ce215157fb41aa737441f0b727934ab6a4cbae8ec7eff02872690bd72f2ae63cee1490b79cbd952b53e937bebd
Static task
static1
Behavioral task
behavioral1
Sample
bc.vbs
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
bc.vbs
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
bc.vbs
-
Size
169KB
-
MD5
c8d448840522a0d83b0a8a32cfa50352
-
SHA1
98f1145de8f3cc1764451ff65fa1c7051280c455
-
SHA256
4ee7ce2fdad1a287ac5299129c80dfc3fedb2a5eb31a1af706d1fc466cb2839a
-
SHA512
0ff8e8b9cd33ec9973fc14e55acf1648a3e6f7ce215157fb41aa737441f0b727934ab6a4cbae8ec7eff02872690bd72f2ae63cee1490b79cbd952b53e937bebd
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-