General
Target: 480aee6e6dc6f3a1b62a8e43cfe0e28b.bin
Size: 6KB
Sample: 240324-b9m6vsga64
MD5: acd8ec74f637adc59e76f0f2bef04ba7
SHA1: 87311d6af67b59b9021c0dd16f080e3d5d0c3f66
SHA256: fc4608deaab08f5843e7cb5fdd0f6df21004bde824db896975ec9e5045cd97bd
SHA512: b495cac6f0f294754519116c27aa9e353ce01e4903b32bf113e01909e2674148b9826ae4c1bb1891585c35789253f58f5b5fbfb7d57d0105663ea9863f888433
SSDEEP: 192:AkxG6ZTZvuY/CsRA6ESm96+B9rd6SNsmG0:AEnTZWKC1uC6oNxV
Static task: static1
Behavioral task: behavioral1
Sample: awb_shipping_documents_22_03_2024_000000000.vbs
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: awb_shipping_documents_22_03_2024_000000000.vbs
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: awb_shipping_documents_22_03_2024_000000000.vbs.vbs
Size: 11KB
MD5: 6646a9bb09a2b4728226279754b6dafe
SHA1: d3a0ce176ab0318ee04af196c94c4651c45669aa
SHA256: c8516d6d8b755bebd51020602814ee36f447cf379f7e0ac0be3f576f573ada37
SHA512: 98c92b70a97659ecdc0f032582e8515b40f0841a1ea83918639e3f6ad6a3f014b938aa958eeea968b795945e40bc21e2ea2d371d1fef72d8b02af3747d19a7c8
SSDEEP: 192:1NCDZe4/HFVEKNCLDyOjduQ1PrWZj5DagfFWLJVgf/CNIY84aXn:2DZe4bKduoPAj5Vteg/CM4aXn
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext