General
-
Target
TOMBIG - 9004898 - Ponuka·pdf.vbs
-
Size
179KB
-
Sample
240328-xama6seb76
-
MD5
194dde165c8011d301784d1ddaced170
-
SHA1
f9ee1b100dd1fe983685c1750b5c0e0bf1482fa1
-
SHA256
4310bf502a623205fed084012e87eec8b6a6f5803695b3f27367cdb5b7dd1b45
-
SHA512
52446abd43dada5cd84e3d70ddf034a967ece23078b492de2f82eeaa5d7622cb07adc107fc35db72488a213a2f748eb6198d3250b5f80ff0c3174f52e70707f4
-
SSDEEP
3072:XPvtrVR7t/zhP5AbvMZoxnRcRKKh14t8EIuvQcVi1l8ok/1fyLbvj/3s0oV++hyK:/vdVR7tLhxAbvMZoxnRcsK3M8EIOQcV7
Static task
static1
Behavioral task
behavioral1
Sample
TOMBIG - 9004898 - Ponuka·pdf.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
TOMBIG - 9004898 - Ponuka·pdf.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-