General
-
Target
A1_racun_02-2024·pdf.vbs
-
Size
178KB
-
Sample
240326-n3fjnace3y
-
MD5
ae564cbac15af89bb344188e9a63b34f
-
SHA1
fbeb8bedcd6c776e05ecb23e490c8e9f730fbab5
-
SHA256
1c29fe33928f4b621622877e9e9baf06d781649b667f539686d335b19681467a
-
SHA512
5f0709a3102d733f4442a763e7a297ee74a506e1880bbc456dd7125dea410c07a4e43c082c1540b76a182ac764c53bbc539f9e9dfa1ca611a889a4965ccffe39
-
SSDEEP
3072:XPvtrVR7t/zhP5AbvMZoxnRcRKKh14t8EIuvQcVi1l8ok/1fyLbvj/3s0oV++hyL:/vdVR7tLhxAbvMZoxnRcsK3M8EIOQcVI
Static task
static1
Behavioral task
behavioral1
Sample
A1_racun_02-2024·pdf.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
A1_racun_02-2024·pdf.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
A1_racun_02-2024·pdf.vbs
-
Score
8/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-