General
-
Target
18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad.vbs
-
Size
20KB
-
Sample
240322-ckd3bshb31
-
MD5
6c172c78edfa9cf3fbcee9e6417b4ec0
-
SHA1
56d554a6cfae0cbee45a32ac9e7f261c910cd046
-
SHA256
18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad
-
SHA512
881216852a4049ce32387b221791b9ba7c75c4decb9b869430842a7a540f52ec1a24ae9a41550e0feb0dcf58731dcdd2dda9bcd45c798e0403af0fefaa751c27
-
SSDEEP
384:CE68ihBTZ6i8ahvxSIp27nn15lNmpK2kn70Vuz3+44GE8gT:H68ihdgi/LfIn3lNmpK2k7Sau4m8M
Static task
static1
Behavioral task
behavioral1
Sample
18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad.vbs
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-