General
-
Target
lol.vbs
-
Size
61KB
-
Sample
230201-g4wtpscb65
-
MD5
3b49d86ad344fc3aabdef0ac04195e83
-
SHA1
b3b4d0470260da2bcfe5fa9feaeb98c3b79a39fa
-
SHA256
fe9dcf1de0b47950294a318a23cd37374483e6f6ac5eb6cfb941957a1fe04685
-
SHA512
fc70a5e88d27faaf5add0b0b5ec6578f76017e59e3049b222bb5f8edae6139909c0a11d6aa78dc912bf0dc11617978f11ebee5475503a9c6ac9f11cd83c6b4be
-
SSDEEP
1536:1hRQJFsWO0ZhVy02qDqPKviVvYeIcKxpC:14JGWO0hyLqDqPKKV1Db
Static task
static1
Behavioral task
behavioral1
Sample
lol.vbs
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
lol.vbs
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://drive.google.com/uc?export=download&id=1zVdm4TylTH05tqt2K3tMhxuhguEtNYmV
Targets
-
-
Target
lol.vbs
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-