General
-
Target
6a913057f3e1f85f9b31f1f44ff6dd03a41cfc2c81f00bf5f8a3e92ea0ae7992.vbs
-
Size
24KB
-
Sample
240508-ch61bsfe54
-
MD5
44a33291be2d0491544c7c41cb664926
-
SHA1
6f89591d5c4bf89721d9656c5fce5b162eb94e1c
-
SHA256
6a913057f3e1f85f9b31f1f44ff6dd03a41cfc2c81f00bf5f8a3e92ea0ae7992
-
SHA512
adf899ca806c169c7d45db5ce3b240af0470b7eb4d0862ea6f4eef2604aafe8be4130a6d7ee55b8b7b33d84df27c602d61d1adac3889173e0c09aa61850b57d8
-
SSDEEP
384:UhGwlEq6smV4fNuFqhMxgRQYAl3MTxSiMFpWrd2Wxol4cgbc:Uh5f6smV4qqqaaYAl3uSwzyl4Po
Static task
static1
Behavioral task
behavioral1
Sample
6a913057f3e1f85f9b31f1f44ff6dd03a41cfc2c81f00bf5f8a3e92ea0ae7992.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6a913057f3e1f85f9b31f1f44ff6dd03a41cfc2c81f00bf5f8a3e92ea0ae7992.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
6a913057f3e1f85f9b31f1f44ff6dd03a41cfc2c81f00bf5f8a3e92ea0ae7992.vbs
Score
9/10
-
Detects executables packed with SmartAssembly
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-