General

  • Target

    Detallemovimiento.vbs

  • Size

    439KB

  • Sample

    221123-q1t1daad61

  • MD5

    1d50e209ab21cd2035f0727bdf51c6bb

  • SHA1

    a9f206e9940d6f6b5abe7d608dfb15a20d5cf5f1

  • SHA256

    a615a0e25040ca39c49560c9594c69f4ff6754faf0304c6e89c923cb340c9319

  • SHA512

    4d20bfd9c71956ccc87af37de1468445d5b1b87bab1eea6b7b9d0d6298d1b879e962d2615ff4e58fdc7eacbf2badc5277bc87930baee0ac02885dbcea3bb8ff9

  • SSDEEP

    6144:sDKtRixP0uu/1PM4Ramn3DBqVei8zWH30BiZSgP4K9LuTrEo7K08HIyGshUhBQxu:MK7iZ8PM4qVeHz0kBip4tQghmxxTs

Score
7/10

Malware Config

Targets

    • Checks QEMU agent file

      Checks for the presence of the QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 3