General
-
Target
78a74e42bcf0d0df7cb482f178307235d60fbf59754456c2f742c4510dc83697.vbs
-
Size
42KB
-
Sample
240419-by33yaea3w
-
MD5
e93e1296b7e4688e847b299faed3bef2
-
SHA1
b3a6d46e8b062e47efd38e88d85d10125cff102d
-
SHA256
78a74e42bcf0d0df7cb482f178307235d60fbf59754456c2f742c4510dc83697
-
SHA512
3ab1406dc11bca238d5d60ebebc07bd8b779a9965a78e7f86ed4dee4083249922f3342dbf91cfaa17d6713db4140c08689c83119cd66fabace212ebefd77a650
-
SSDEEP
768:Ha5MtHHJjzte49JZvrkudqaki7XyrWCWvcN59xwYyZ:HLtFzMaZv5QOrZCdPwY+
Static task
static1
Behavioral task
behavioral1
Sample
78a74e42bcf0d0df7cb482f178307235d60fbf59754456c2f742c4510dc83697.vbs
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
78a74e42bcf0d0df7cb482f178307235d60fbf59754456c2f742c4510dc83697.vbs
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
78a74e42bcf0d0df7cb482f178307235d60fbf59754456c2f742c4510dc83697.vbs
-
Size
42KB
-
MD5
e93e1296b7e4688e847b299faed3bef2
-
SHA1
b3a6d46e8b062e47efd38e88d85d10125cff102d
-
SHA256
78a74e42bcf0d0df7cb482f178307235d60fbf59754456c2f742c4510dc83697
-
SHA512
3ab1406dc11bca238d5d60ebebc07bd8b779a9965a78e7f86ed4dee4083249922f3342dbf91cfaa17d6713db4140c08689c83119cd66fabace212ebefd77a650
-
SSDEEP
768:Ha5MtHHJjzte49JZvrkudqaki7XyrWCWvcN59xwYyZ:HLtFzMaZv5QOrZCdPwY+
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-