863c1169a8f61ceec7a5498ababb668719775202334836b099c4c73a3e84167f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ADZP 20 Clean Version.vbs
Size

25KB
Sample

230515-al71pagc9z
MD5

5d9f65cff74133a0a4c4a8fe4f747391
SHA1

b09745247c0bdce1da82a97553523a069b58dbe7
SHA256

863c1169a8f61ceec7a5498ababb668719775202334836b099c4c73a3e84167f
SHA512

bc3d6ee9201418dfdc0e40bc4132c8b20838306827d93be185f41399744760e5d7e2e5939d040c9d0ac1aee2bd35bb359d49c8fbf3bd2e38a0a69a646d622768
SSDEEP

384:N2k+9sEhzbv4Q9kt9oaJO48ZtxFbNPxtdtxFbNPxBMN:Obv4QmtCaotxFbNPxtdtxFbNPxBMN

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  ADZP 20 Clean Version.vbs
- Size
  
  25KB
- MD5
  
  5d9f65cff74133a0a4c4a8fe4f747391
- SHA1
  
  b09745247c0bdce1da82a97553523a069b58dbe7
- SHA256
  
  863c1169a8f61ceec7a5498ababb668719775202334836b099c4c73a3e84167f
- SHA512
  
  bc3d6ee9201418dfdc0e40bc4132c8b20838306827d93be185f41399744760e5d7e2e5939d040c9d0ac1aee2bd35bb359d49c8fbf3bd2e38a0a69a646d622768
- SSDEEP
  
  384:N2k+9sEhzbv4Q9kt9oaJO48ZtxFbNPxtdtxFbNPxBMN:Obv4QmtCaotxFbNPxtdtxFbNPxBMN
Score

8^/10

discovery exploit
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexploit