General
-
Target
d0fceb6bb0ed4dc5b8601e9560a291fe726958c774b0dc8647d1b7aec3f0c84c.vbs
-
Size
93KB
-
Sample
240215-gc6jtsaa8w
-
MD5
79094e9847a7bf1ffd13972fd7f4fe9f
-
SHA1
98d0d34a146712d3399fcacf2369e11c4cd9c4ea
-
SHA256
d0fceb6bb0ed4dc5b8601e9560a291fe726958c774b0dc8647d1b7aec3f0c84c
-
SHA512
e0399f4fe05cdbc25dc193142d017d1161adb049cfd82dce26c03054f52825c43964b30c6c189cc293c85fb5f6da1092e62cfc736072294be62c23463a8386a9
-
SSDEEP
1536:HJglU0P4wDaWxyADV76w2bnQReOlDaP5QrIWG2CSAe0i4rEOz+d:pglnvD1xyAp761kRe8DaP54G3eL4rvyd
Static task
static1
Behavioral task
behavioral1
Sample
d0fceb6bb0ed4dc5b8601e9560a291fe726958c774b0dc8647d1b7aec3f0c84c.vbs
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
d0fceb6bb0ed4dc5b8601e9560a291fe726958c774b0dc8647d1b7aec3f0c84c.vbs
Resource
win10v2004-20231215-en
Malware Config
Targets
Target
d0fceb6bb0ed4dc5b8601e9560a291fe726958c774b0dc8647d1b7aec3f0c84c.vbs
-
Score
10/10
-
Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-