General
-
Target
rOferta_SKGNMECLemnedefinitionen353523577.wsf
-
Size
17KB
-
Sample
240419-v6jh2sag88
-
MD5
ed7122bfc1517425a483908cff86d950
-
SHA1
d71986894ac69f6958f3e126bec9eaabea50fa5c
-
SHA256
813142e22c4d2a79a49e1f96a9bea8b14e13a67eb9d35922b5ac0b88b33aec6a
-
SHA512
2fae96a3d31de6195ddf196d1b4abd2c1a7564347805838f701e328ef2a823462c45d09232d7ddecd7bacacec5652808194e77c2f8f674d06cc4a61a34976636
-
SSDEEP
384:vxuMLgrXuO5tyVsCouP+fVMD0BoqPrLjibxqWW4ZxQbIeMgJQc+Nzuz:vxtVOvyn3P+fC6fXji3+MNS
Static task
static1
Behavioral task
behavioral1
Sample
rOferta_SKGNMECLemnedefinitionen353523577.wsf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
rOferta_SKGNMECLemnedefinitionen353523577.wsf
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
rOferta_SKGNMECLemnedefinitionen353523577.wsf
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext