General
Target: de_pago.vbs
Size: 365KB
Sample: 231013-qb6mwabh36
MD5: 704afba666fe88196bb5f506fa065553
SHA1: f30788b8cabe1cda4ef73d97138cc13609b77ffc
SHA256: f1a6af7baca4027b3cab5063c63ae4dfaa89c114d062dd695ba947f796d22cab
SHA512: cfa5d551f0345dfc3609191f8ea891f74d3a884d19d898078d9f6294e40bf6fe9c55268561cc1dfc9d02f7a1b9c48ad47d7bcce7a6b45d4c5e998af1da57f5a8
SSDEEP: 6144:Mggggg+eZz1OPzhH2NOgggggogggggZgggggjgggggsggggggr773VhgggggdggV:MgggggvOoNOgggggogggggZgggggjgg2
Static task: static1
Behavioral task: behavioral1
Sample: de_pago.vbs
Resource: win7-20230831-en
Malware Config
Extracted
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
Targets
Target: de_pago.vbs
Detect ZGRat V1
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-