General
Target: doc_awb_shipping_invoice_17_04_2024_000000000000024.vbs
Size: 403KB
Sample: 240419-sf73lsgc4x
MD5: d8e8da20535c7928e416af72d69cc817
SHA1: 2e6151a12a6ecafdb2943166e1c11417eeebcf7f
SHA256: 814c44267d5b05f72b1d8a0a2f9d165515d109383cf9061688c59bc59709f57f
SHA512: 47b603258dc07d8ebf809d29071c634f15670bd95d52c7968cfcc064087ff94ff0896a725cfb94b335e55bddd622d711341a542d4ca10b8d6cc127f0d7b13cdd
SSDEEP: 6144:ltrc0iH9QXg0Im+aUGFvWtBVkmFtNqsgBt8FD3PG7BXMVbc:lFidQ0lBzzTc
Static task: static1
Behavioral task: behavioral1
Sample: doc_awb_shipping_invoice_17_04_2024_000000000000024.vbs
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: doc_awb_shipping_invoice_17_04_2024_000000000000024.vbs
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: doc_awb_shipping_invoice_17_04_2024_000000000000024.vbs
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext