General
-
Target
IN(11)-9-12-2023_218082.vbs
-
Size
1KB
-
Sample
230913-yfgtbaee6t
-
MD5
1be17a0ac48cab72a10836953c8186b0
-
SHA1
d5bdf81792cc2434d49bae66b1cc60027220298c
-
SHA256
e7407a0fe469fda07809db9a264e4c423d9f740344abca7675e9e78a9ede9f3c
-
SHA512
38a7e2121975a5ef80db59d81f3bca3fe845f4072a7b068d09707690b851b5e41ccf899ca7ff732ccb770528b772cdc2efadecf9d5a7bd34678d1c00053038f5
Static task
static1
Behavioral task
behavioral1
Sample
IN(11)-9-12-2023_218082.vbs
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
IN(11)-9-12-2023_218082.vbs
Resource
win10-20230831-en
Malware Config
Extracted
bumblebee
js1
Targets
-
-
Target
IN(11)-9-12-2023_218082.vbs
-
Size
1KB
-
MD5
1be17a0ac48cab72a10836953c8186b0
-
SHA1
d5bdf81792cc2434d49bae66b1cc60027220298c
-
SHA256
e7407a0fe469fda07809db9a264e4c423d9f740344abca7675e9e78a9ede9f3c
-
SHA512
38a7e2121975a5ef80db59d81f3bca3fe845f4072a7b068d09707690b851b5e41ccf899ca7ff732ccb770528b772cdc2efadecf9d5a7bd34678d1c00053038f5
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-