General
-
Target
YTO T80T100TS100T120 bulldozer main clutch.vbs
-
Size
875B
-
Sample
220926-lcw3lsace3
-
MD5
17e2572b78e4b8540158dcffd5e34153
-
SHA1
51203c661339bd1784140e97894a67e3f32f8afb
-
SHA256
a1b7fae88ade1706c6830c4328c4e908d76f617e8491468043eb9da3572bf22f
-
SHA512
6b4b5b5df1c8e2da921278704717823efbf32b96520a15bdd2922e72c44ef57bb143f687d8a6e7c666e2e836a0d070af2480eafe08874994e5a7a3d082c9ba40
Static task
static1
Behavioral task
behavioral1
Sample
YTO T80T100TS100T120 bulldozer main clutch.vbs
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
YTO T80T100TS100T120 bulldozer main clutch.vbs
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://posadalaprotegida.com.ar/temp.txt
Targets
-
Target
YTO T80T100TS100T120 bulldozer main clutch.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-