General
Target: Tax_Statement_2022 .vbs
Size: 11KB
Sample: 230628-v5z5eaad87
MD5: a6ecc90056e3e910c3b39624f708eb66
SHA1: 72f6cdcdcf0114e50061a40078bc7cc60f7cd95e
SHA256: ed660ae4e1ff7e57c133b6d3d0a72bd41d6058cd2fe827466afd9d1d372fd4b1
SHA512: 222c55a3bb009be3f13165db81297043135c89454fdcbafdd0864af90741272b94d127c525263766198165eeecba1749237cab5803e6442de995193b50278b7f
SSDEEP: 192:Npy58UoGL9i5lB5HQmpikw1BRKsyj0B41HCAEcYnd5DvxR7Nl5:Cdps6mFqbKlv2zh
Static task: static1
Behavioral task: behavioral1
Sample: Tax_Statement_2022 .vbs
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: Tax_Statement_2022 .vbs
Resource: win10v2004-20230621-en
Malware Config
Targets
Target: Tax_Statement_2022 .vbs
Score: 8/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Drops startup file
Registers COM server for autorun
Accesses Microsoft Outlook profiles
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
Suspicious use of SetThreadContext