General
Target: Sacramentum.vbs
Size: 187KB
Sample: 230126-3bcq1shb6x
MD5: f37664c2b8d6cac837ed746dd16cca4a
SHA1: ce14d2136d71fa4995b845a8110ac53e592df843
SHA256: cde3bcc2302329397625192ab5096fdd43d5332207815cede5d7ddf619bc4063
SHA512: ea81979c6559e380352801a2aa16ff00e800793a8a66a799d8987504a9605e340a6a79d345bceaec98654b5370cebda77c34078ae9171dcb99e72d01803d8a26
SSDEEP: 3072:CGaYrxUPGOMccSzwZbEa3eKkwt6+HBgfflqq+cR+WM:6YkMMzcbEa3kwU6mfdq7cRhM
Static task: static1
Behavioral task: behavioral1
Sample: Sacramentum.vbs
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Sacramentum.vbs
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Sacramentum.vbs
Size: 187KB
Score: 10/10

Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Adds Run key to start application

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext