General
-
Target
awb_shipping_documents_17_04_2024_00000.vbs
-
Size
932KB
-
Sample
240418-bwx4xafc35
-
MD5
ac5b979626e0255c763834243ddf8028
-
SHA1
507a1e4daa53d11c2453fd4c707260a5b8f054fc
-
SHA256
8f6edaf7a58a791bf05eb1d5d3bac18561dad46b591bf0a3ed498358fa875e9d
-
SHA512
8e5c0d73c6e3a11d44f010e35fd1eeefc650bb0f0bdaba972769b84d61fec39c168c8237dfe3f2d851371d8fe0289178af4ef28d2ec693cf10e769eeb39bd828
-
SSDEEP
12288:YGS9YA36Oat2ZWorFnXJD5b9NVzWixJ3q+DhXYBauruyZv:YGSSy6/IZWortfbBz7JTFXYUbyl
Static task
static1
Behavioral task
behavioral1
Sample
awb_shipping_documents_17_04_2024_00000.vbs
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
awb_shipping_documents_17_04_2024_00000.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
awb_shipping_documents_17_04_2024_00000.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-