General
Target: 見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.vbs
Size: 181KB
Sample: 240325-twydsacg49
MD5: 5abfcbce1f90501808379e179feb51c8
SHA1: e305ee8202f579517fe0634e22346584aaf4c148
SHA256: 7698fb4c720a5c5810a8b80ae25ef1e6f5185e49cb151ef21937f0788276354e
SHA512: 616becc5031d7b1d3e0b08b86a7a90b8a354a2357fe0fafe6e0e16c094eadfea2362452e32169b32f322b2c06e11c79b6220a40c8bd46be7dde21d086c7c2a5b
SSDEEP: 3072:XPvtrVR7t/zhP5AbvMZoxnRcRKKh14t8EIuvQcVi1l8ok/1fyLbvj/3s0oV++hyC:/vdVR7tLhxAbvMZoxnRcsK3M8EIOQcVJ
Static task: static1
Behavioral task: behavioral1
  Sample: 見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.vbs
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.vbs
  Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext