General
Target: PO_Request_Songsan08022023.vbs
Size: 415KB
Sample: 230209-yx3gcabd8w
MD5: 304ef3925d5877d7e455c42568472720
SHA1: 8797b52b425ff5b62aa3a15ddf8c77fc4cf48542
SHA256: 79ae4e6797db31dc04ebb54ae5b24b248a556905b4ebc05014a4d4cefa130bf7
SHA512: e752cba3cd7f3a2fa872b6a3f2938a8ef871d08fc7cce6cc3b727c5baede5c7505756844611390440306b9308be4e0914e7c825166e13d53ae0903cd4d6f2a57
SSDEEP: 12288:kVAT53NUeHP2NZEanDiSQkIPGl75+Y45ee1Ww4:P1h+nnOyIPG5sY45eeAw4
Static task: static1
Behavioral task: behavioral1
Sample: PO_Request_Songsan08022023.vbs
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: PO_Request_Songsan08022023.vbs
Resource: win10v2004-20221111-en
Malware Config
Targets
Target
PO_Request_Songsan08022023.vbs
Score: 10/10

Blocklisted process makes network request

Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext