General
-
Target
awb_shipping_documents_25_03_2024_000000000.vbs
-
Size
237KB
-
Sample
240325-txja9aff2w
-
MD5
937285e67679dcbd6d3a218cff5723e4
-
SHA1
73023fa293fc84f1db845a75a4be3c2337c8da4d
-
SHA256
d90f3ab705edef2a59cc39b6269f1a149f0f6e43e0aa4f128d05c1697726bcdb
-
SHA512
607ea5c0cf19a5776d60c15942c28b5e9433e52f72abad0b250d7abb72f98721210d328c6915051cd9b2fa215a938ed64eebb20de3dc6b9511f2a2fa3cb1b773
-
SSDEEP
6144:lyhQMLtOBxJrv5lttSP4KuK8jWwoipSRUiGT9rS2fTicm7jImE9uAI:ekVBDjI
Static task
static1
Behavioral task
behavioral1
Sample
awb_shipping_documents_25_03_2024_000000000.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
awb_shipping_documents_25_03_2024_000000000.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
awb_shipping_documents_25_03_2024_000000000.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-