General

Target: Bank Slip.vbs
Size: 957B
Sample: 240416-szrjzafc5x
MD5: 4d66177f839c56f22efb3f7dfed7e583
SHA1: d4d4a2d1680f25dd0642ec09e860932096108ff3
SHA256: bb3779fd9e2577b65ec5c4e304e017c340365e57e3cad7035c146f69e1f3ec7c
SHA512: ff87398772020a2cf6418d5b34f1b70759822982c69acbdcb236c46bc3d5acfdf57b713af8175cc9b9d7f91a591e59715de7d216fda51e33362f5d46bf4d573e
Static task: static1
Behavioral task: behavioral1
Sample: Bank Slip.vbs
Resource: win7-20240221-en (Windows 7, English-locale analysis image)
Malware Config

Extracted family: darkcloud
email_from: igor.bos@vinoterra.ru
email_to: office.tony39@mail.ru

An email_from / email_to pair in a DarkCloud config indicates exfiltration over SMTP: the sender mailbox is the account the stealer authenticates to, and the recipient is where harvested data is delivered. Both addresses are network indicators worth blocking and hunting for at the mail gateway; the sender account is also the one to report for takedown, since it is attacker-controlled.
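As an added example (not part of the sandbox report and not DarkCloud's or the sandbox's own code), the matcher below parses a constructed SMTP session transcript and flags every place the two extracted addresses appear: the envelope (MAIL FROM / RCPT TO), the AUTH LOGIN or AUTH PLAIN username, and the From/To headers inside DATA. Everything in the transcript other than the two addresses (hostnames, password, subject, the C:/S: line convention) is constructed, and the detail that the stealer logs in with the email_from account is an assumption, stated again in the code.

```python
"""Match DarkCloud SMTP exfiltration indicators against an SMTP session transcript.

Added example; not part of the sandbox report. Only INDICATORS comes from the
report's extracted config. SAMPLE_SESSION is constructed for illustration, and
the stealer authenticating as email_from is an assumption, not a report finding.
"""
import base64
import re
from email.utils import parseaddr
from typing import Dict, List, Optional, Tuple

# Values from the extracted darkcloud config in this report.
INDICATORS = {
    "email_from": "igor.bos@vinoterra.ru",
    "email_to": "office.tony39@mail.ru",
}

# Constructed transcript: C: = client (infected host), S: = server.
SAMPLE_SESSION = """\
S: 220 mail.example.invalid ESMTP
C: EHLO WIN-7PC
S: 250-mail.example.invalid
S: 250 SIZE 52428800
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: aWdvci5ib3NAdmlub3RlcnJhLnJ1
S: 334 UGFzc3dvcmQ6
C: cGFzc3dvcmQ=
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<Igor.Bos@vinoterra.ru> SIZE=4096
S: 250 2.1.0 Ok
C: RCPT TO:<office.tony39@mail.ru>
S: 250 2.1.5 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "DarkCloud" <Igor.Bos@vinoterra.ru>
C: To: office.tony39@mail.ru
C: Subject: Passwords - WIN-7PC
C:
C: (harvested credentials would follow here)
C: .
S: 250 2.0.0 Ok: queued
C: QUIT
"""


def _b64(s: str) -> str:
    """Decode a base64 token, returning '' on malformed input instead of raising."""
    try:
        return base64.b64decode(s.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:
        return ""


def normalize_address(raw: str) -> str:
    """Reduce '"Name" <User@Host>', '<user@host>' or 'user@host' to lowercase user@host."""
    _, addr = parseaddr(raw.strip())
    return (addr or raw.strip().strip("<>")).lower()


def parse_smtp_session(transcript: str) -> Dict[str, object]:
    """Extract AUTH username, envelope addresses and DATA header addresses from client lines."""
    result: Dict[str, object] = {"auth_user": None, "mail_from": None, "rcpt_to": [],
                                 "header_from": None, "header_to": []}
    client = [ln[2:].strip() for ln in transcript.splitlines() if ln.startswith("C:")]
    i, in_data, in_headers = 0, False, False
    while i < len(client):
        line = client[i]
        if in_data:
            if line == ".":                      # end of message body
                in_data = False
            elif in_headers:
                if line == "":                   # blank line ends the header block
                    in_headers = False
                else:
                    name, _, value = line.partition(":")
                    if name.lower() == "from":
                        result["header_from"] = normalize_address(value)
                    elif name.lower() == "to":
                        result["header_to"].extend(normalize_address(v) for v in value.split(","))
            i += 1
            continue
        upper = line.upper()
        if upper.startswith("MAIL FROM:"):
            m = re.match(r"MAIL FROM:\s*<?([^>\s]*)>?", line, re.I)
            result["mail_from"] = m.group(1).lower()
        elif upper.startswith("RCPT TO:"):
            m = re.match(r"RCPT TO:\s*<?([^>\s]*)>?", line, re.I)
            result["rcpt_to"].append(m.group(1).lower())
        elif upper == "AUTH LOGIN":
            # AUTH LOGIN: the next two client lines are base64 username and password.
            if i + 1 < len(client):
                result["auth_user"] = _b64(client[i + 1]).lower()
            i += 2                               # skip username and password lines
        elif upper.startswith("AUTH PLAIN "):
            # AUTH PLAIN: base64("\0user\0pass") sent inline.
            parts = _b64(line.split(" ", 2)[2]).split("\0")
            if len(parts) >= 2:
                result["auth_user"] = parts[1].lower()
        elif upper == "DATA":
            in_data, in_headers = True, True
        i += 1
    return result


def match_indicators(parsed: Dict[str, object],
                     indicators: Dict[str, str] = INDICATORS) -> List[Tuple[str, str, str]]:
    """Return (config_key, session_field, value) for each address matching the config."""
    fields = {
        "auth_user": [parsed["auth_user"]] if parsed["auth_user"] else [],
        "mail_from": [parsed["mail_from"]] if parsed["mail_from"] else [],
        "header_from": [parsed["header_from"]] if parsed["header_from"] else [],
        "rcpt_to": list(parsed["rcpt_to"]),
        "header_to": list(parsed["header_to"]),
    }
    return [(key, field, v)
            for key, ioc in indicators.items()
            for field, values in fields.items()
            for v in values if v == ioc.lower()]


if __name__ == "__main__":
    for hit in match_indicators(parse_smtp_session(SAMPLE_SESSION)):
        print(hit)
```

Run it over a reassembled TCP stream or a mail-gateway log converted to the same C:/S: form. An AUTH username that equals email_from is the strongest of the five possible hits: it shows the configured attacker mailbox being used from inside the network, not just an address appearing in mail.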
Targets

Target: Bank Slip.vbs

Signatures

Downloads MZ/PE file
The script fetches a Windows executable (MZ/PE header) from a remote host; the 957-byte VBS is a downloader stage, not the payload itself.

Checks computer location settings
Looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), a common geofence check used to avoid running on unwanted locales.

Executes dropped EXE
The downloaded PE is written to disk and launched.

AutoIT Executable
The dropped PE is an AutoIt script compiled into a PE executable, a loader form frequently used to wrap stealer payloads.

Suspicious use of SetThreadContext
SetThreadContext called on a thread in another process, consistent with process hollowing or injection (a suspended process whose thread context is redirected to an injected payload); this is the typical way an AutoIt loader hands off to the stealer, which here is the DarkCloud build whose config was extracted.
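The five signatures describe one chain: a script host fetches a PE, drops and runs it, the dropped AutoIt binary checks the locale, then writes into another process with SetThreadContext. The code below, an added example that is neither the report's nor the sandbox's own signature logic, re-creates that chain as detection rules over a constructed stream of Sysmon-style events, with a benign installer stream that must stay quiet. Field names, paths, PIDs and the 203.0.113.10 address are constructed for the example; the AU3!EA06 marker is the resource signature that compiled AutoIt binaries carry, and the Geo\Nation key is assumed to be the value the location check reads.

```python
"""Re-create this report's behavioral signature chain as detection logic.

Added example; not part of the sandbox report or of the sandbox's signatures.
SAMPLE_EVENTS and BENIGN_EVENTS are constructed Sysmon-style records; field
names, paths, PIDs and the 203.0.113.10 address are assumptions for illustration.
"""
from typing import Dict, List, Set

# Registry value assumed to back the "Checks computer location settings" signature.
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Resource marker present in binaries produced by the AutoIt compiler.
AUTOIT_MARKER = "AU3!EA06"
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

SAMPLE_EVENTS: List[Dict] = [  # constructed: the chain this report describes
    {"type": "ProcessCreate", "pid": 1001, "ppid": 400,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\user\Desktop\Bank Slip.vbs"'},
    {"type": "NetworkConnect", "pid": 1001, "dst": "203.0.113.10", "dport": 80},
    {"type": "FileCreate", "pid": 1001, "path": r"C:\Users\user\AppData\Local\Temp\upd.exe",
     "magic": "MZ", "strings": ["AU3!EA06"]},
    {"type": "ProcessCreate", "pid": 2002, "ppid": 1001,
     "image": r"C:\Users\user\AppData\Local\Temp\upd.exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"type": "RegistryQuery", "pid": 2002, "key": GEO_KEY},
    {"type": "ProcessCreate", "pid": 3003, "ppid": 2002,
     "image": r"C:\Windows\System32\svchost.exe", "flags": ["CREATE_SUSPENDED"]},
    {"type": "ApiCall", "pid": 2002, "api": "SetThreadContext", "target_pid": 3003},
]

BENIGN_EVENTS: List[Dict] = [  # constructed: an installer that must not fire
    {"type": "ProcessCreate", "pid": 500, "ppid": 400,
     "image": r"C:\Program Files\Tool\setup.exe", "cmdline": "setup.exe"},
    {"type": "FileCreate", "pid": 500, "path": r"C:\Program Files\Tool\tool.exe",
     "magic": "MZ", "strings": []},
    {"type": "ApiCall", "pid": 500, "api": "SetThreadContext", "target_pid": 500},
]


def evaluate(events: List[Dict]) -> Dict[str, str]:
    """Return {signature name: evidence} for each report signature the stream reproduces."""
    fired: Dict[str, str] = {}
    procs: Dict[int, Dict] = {}      # pid -> its ProcessCreate event
    connected: Set[int] = set()      # pids that have made an outbound connection so far
    dropped: Dict[str, int] = {}     # lowercase PE path -> pid that wrote it
    for e in events:
        t = e["type"]
        if t == "ProcessCreate":
            procs[e["pid"]] = e
            image = e["image"].lower()
            if image in dropped:     # launching a PE written earlier in this stream
                fired["Executes dropped EXE"] = (
                    f"pid {e['pid']} runs {e['image']} written by pid {dropped[image]}")
        elif t == "NetworkConnect":
            connected.add(e["pid"])
        elif t == "FileCreate" and e.get("magic") == "MZ":
            dropped[e["path"].lower()] = e["pid"]
            if e["pid"] in connected:   # PE written by a process that already talked out
                fired["Downloads MZ/PE file"] = (
                    f"pid {e['pid']} wrote {e['path']} after connecting out")
            if AUTOIT_MARKER in e.get("strings", []):
                fired["AutoIT Executable"] = f"{e['path']} carries the {AUTOIT_MARKER} marker"
        elif t == "RegistryQuery" and e["key"].lower() == GEO_KEY.lower():
            fired["Checks computer location settings"] = f"pid {e['pid']} read {e['key']}"
        elif (t == "ApiCall" and e["api"] == "SetThreadContext"
              and e.get("target_pid") not in (None, e["pid"])):
            # Cross-process SetThreadContext; a suspended target is the hollowing pattern.
            target = procs.get(e["target_pid"], {})
            suffix = " (target created suspended)" if "CREATE_SUSPENDED" in target.get("flags", []) else ""
            fired["Suspicious use of SetThreadContext"] = (
                f"pid {e['pid']} set thread context in pid {e['target_pid']}{suffix}")
    return fired


def script_host_dropper(events: List[Dict]) -> bool:
    """True when the process that wrote a PE is a Windows script host, i.e. a VBS/JS downloader stage."""
    procs = {e["pid"]: e for e in events if e["type"] == "ProcessCreate"}
    for e in events:
        if e["type"] == "FileCreate" and e.get("magic") == "MZ":
            image = procs.get(e["pid"], {}).get("image", "")
            if image.lower().rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
                return True
    return False


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
    print("script-host dropper:", script_host_dropper(SAMPLE_EVENTS))
```

The rules are deliberately ordered the way the telemetry arrives: a PE written by a process that has already connected out counts as a download, and a ProcessCreate whose image was written earlier in the same stream counts as a dropped-EXE execution. The benign stream shows the two cases that must not fire, a PE written without any prior connection and SetThreadContext on the caller's own process.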