General
-
Target
REF JUDICIAL NROº 8765745477435455475445 {ANEXO DE LA DEMANDA INTERPUESTA EN SU CONTRA}.vbs
-
Size
4.0MB
-
Sample
240229-ny1c9sga6t
-
MD5
9846ccc0ec01e183e443b5ed407ffdbf
-
SHA1
3b7fd58ce528908bc4a8bf7f582cd150e265599b
-
SHA256
b7261e2931906c8d7a9fa7a54e26e35e3c11185e26bb22add7b18555f4aafb2b
-
SHA512
2d029cedf1565a12b8652e33f76bf328ccf400f49efcad805043867dd0224d54f4c75c747321042d155014006961051c397827541eb028f80ecd82dbfdc99ca6
-
SSDEEP
3072:Bffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff6:4
Static task
static1
Behavioral task
behavioral1
Sample
REF JUDICIAL NROº 8765745477435455475445 {ANEXO DE LA DEMANDA INTERPUESTA EN SU CONTRA}.vbs
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
1.0.7
28FEB-vbs
28febnde.dynv6.net:2202
TRFs3467YelrtiTRUTY
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
REF JUDICIAL NROº 8765745477435455475445 {ANEXO DE LA DEMANDA INTERPUESTA EN SU CONTRA}.vbs
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-