General
-
Target
03281599.vbs
-
Size
1.2MB
-
Sample
230526-h784waec93
-
MD5
5cd2f2a5766ad1ac7be8a3d3eb7c5a51
-
SHA1
e1c05ac20d4f9f278dc48b8ae4a07cddd27c39c0
-
SHA256
2894544e7e6d165cbc56e9b4f096b657934f23420af9a119d72a04a122d3725b
-
SHA512
fafaf428e1d22e07286ec341e76a66c6bcc867ab83c04394703629d03338e9cbdde3e11973879f64d53cca6a6cbe3b6f11cc6ccdae66436989df43cfc5a7bb03
-
SSDEEP
24576:7euj3hp+N3Lu1hiH2rbqQGbB7I3RgAffIl7yfW:7em3h03y1hiHxls3RS7yfW
Static task
static1
Behavioral task
behavioral1
Sample
03281599.vbs
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
03281599.vbs
Resource
win10v2004-20230220-en
Malware Config
Extracted
https://drive.google.com/uc?export=download&id=1-R3r3SEIXJtsxvIGl9F3JR1EiblvLOtW
Targets
-
-
Target
03281599.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-