General
-
Target
1c3db7d3d072707e609209a6e1bf54b830a0db37145d088a28894c0458564595.iso
-
Size
248KB
-
Sample
240418-bhl5gsfh7t
-
MD5
a1369541890d9ce089123c0c9dcadd2a
-
SHA1
b0fe01cb16cebb85a997d84240dc60a3e7a0beb9
-
SHA256
1c3db7d3d072707e609209a6e1bf54b830a0db37145d088a28894c0458564595
-
SHA512
43c02fa5d03660f93c01758ff008a0e5bb47d9505a409c054bb85648c180c7321ee2926f1a797b2d0156088e1e1dbf80537d48e37bd08105593b46bf9afbf558
-
SSDEEP
6144:GrR8ccABOwbDA2zJETxVu1vH/rsqfXB2moC:Ocyoq
Static task
static1
Behavioral task
behavioral1
Sample
Carlispa_Ordine_00401702400417.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Carlispa_Ordine_00401702400417.vbs
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
Carlispa_Ordine_00401702400417.vbs
-
Size
187KB
-
MD5
947d8500e25de01d02c5dc254d67c248
-
SHA1
c073a8f64f2cbb46a1ea768b8c701d17a413b984
-
SHA256
fbd7521613eeda606382f56a500c5015af001af819556b056bd1ef076820e297
-
SHA512
fa53189ba4094b1af7a514acf85f832fe51ea2714afb4adea87193ead46c0e01c78f76ccfd342db58bddb45be237bf7d03326194553243d3085488b026294669
-
SSDEEP
3072:2+w8jqrKK8ccABOwbDS2y2zJETxUuoHh36wH/OLxCxTwvNPapsCRXBDo5mFSartr:GrR8ccABOwbDA2zJETxVu1vH/rsqfXB7
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-