General
-
Target
518a1bd0764ca25fcf36d8a55bf2ebd9.vbs
-
Size
238KB
-
Sample
220923-hsp3fsddf4
-
MD5
518a1bd0764ca25fcf36d8a55bf2ebd9
-
SHA1
d6e490cdf33972c115a035631a3db91e527b0ef3
-
SHA256
c410684799d2bc68f9f06e206381e7f1fc6336642df8d48346a9b3357ada7db4
-
SHA512
b746019d51c04f97c75bbbe6ae65a74521120cb73aefee0a306c09088b2b1905d25f78c5b7e220962c2c34d11dd8bff082fef8056557acdb404e577dfcf0613b
-
SSDEEP
48:sK0mjzlXJj5NzzBWsoMtssbs0Qs+PM/d9Z9s3XEHDzzAA:sKDF9n0JMtswebEjAsDoA
Static task
static1
Behavioral task
behavioral1
Sample
518a1bd0764ca25fcf36d8a55bf2ebd9.vbs
Resource
win7-20220812-en
Malware Config
Extracted
https://contadoreshbc.com/dll_startup
Targets
-
-
Target
518a1bd0764ca25fcf36d8a55bf2ebd9.vbs
-
Size
238KB
-
MD5
518a1bd0764ca25fcf36d8a55bf2ebd9
-
SHA1
d6e490cdf33972c115a035631a3db91e527b0ef3
-
SHA256
c410684799d2bc68f9f06e206381e7f1fc6336642df8d48346a9b3357ada7db4
-
SHA512
b746019d51c04f97c75bbbe6ae65a74521120cb73aefee0a306c09088b2b1905d25f78c5b7e220962c2c34d11dd8bff082fef8056557acdb404e577dfcf0613b
-
SSDEEP
48:sK0mjzlXJj5NzzBWsoMtssbs0Qs+PM/d9Z9s3XEHDzzAA:sKDF9n0JMtswebEjAsDoA
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-