General
-
Target
f2d8703d0b3ec39872caf5d17b2dd6258e73b2b87923524dec5a9f86d343589b.vbs
-
Size
278KB
-
Sample
240419-cmkmwsfa2w
-
MD5
180a5b7cf2e35e007a1e0044061cd2b2
-
SHA1
d5c71006c6e401a04c670d847d9d0d9f8d919798
-
SHA256
f2d8703d0b3ec39872caf5d17b2dd6258e73b2b87923524dec5a9f86d343589b
-
SHA512
c9fe962710bb23bc0a2cfdcb7ec2ba5f00396d429f5026cd083d45e398790923829304378ea735dd8205cd82d88757d504e55b7f0bb671f9ca4a9d2444cd3819
-
SSDEEP
6144:LwdAYDLBLW+8A1ytW3xrbjsSFuHeEC57kdmXl45zaoGGqAP3MQ9scOdy8TeJ15UL:EnS2Imc7J15kAl6
Static task
static1
Behavioral task
behavioral1
Sample
f2d8703d0b3ec39872caf5d17b2dd6258e73b2b87923524dec5a9f86d343589b.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f2d8703d0b3ec39872caf5d17b2dd6258e73b2b87923524dec5a9f86d343589b.vbs
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f2d8703d0b3ec39872caf5d17b2dd6258e73b2b87923524dec5a9f86d343589b.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-