4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001 | Triage

Sharing

General

Target

4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001.vbs
Size

36KB
Sample

240213-cxz6bscb28
MD5

de8bb4e7b3b42adcc01eaf37409ba15a
SHA1

77e869d2cdb86aea090f14a444e0d1ee39e5cd68
SHA256

4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001
SHA512

5258eaf86e2da5799b8d4c73c5b7047502d7e66000bef6b6680aafc931c7590eb005917c9af4c8a788ee16638870354c3f044434d381b934f5ada38c09a48569
SSDEEP

768:vUJZmkTEmGkXZwCwzWfMKjWcHISdD0i6z2l+KaRB0e:cJLEXM9wzPKjXHISJ0i6z2w/f

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001.vbs
- Size
  
  36KB
- MD5
  
  de8bb4e7b3b42adcc01eaf37409ba15a
- SHA1
  
  77e869d2cdb86aea090f14a444e0d1ee39e5cd68
- SHA256
  
  4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001
- SHA512
  
  5258eaf86e2da5799b8d4c73c5b7047502d7e66000bef6b6680aafc931c7590eb005917c9af4c8a788ee16638870354c3f044434d381b934f5ada38c09a48569
- SSDEEP
  
  768:vUJZmkTEmGkXZwCwzWfMKjWcHISdD0i6z2l+KaRB0e:cJLEXM9wzPKjXHISJ0i6z2w/f
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2