General
-
Target
0d59e429f0d2acf46b9b2400651cae8ca032b62932bad8e39d7a1465ac49e36b.vbs
-
Size
210KB
-
Sample
240510-bgxjtsda96
-
MD5
86d5dcbeeeca8b8b5702e414678a95ee
-
SHA1
2bd15186a1120f5b222c3eeb6e56530b25bff151
-
SHA256
0d59e429f0d2acf46b9b2400651cae8ca032b62932bad8e39d7a1465ac49e36b
-
SHA512
e67238280029e78981495ee9f757a373a2588d47c4c55a248064535ae0bc75c3cc6900c811e10e1941478e0b40dfacac73573e9de0110a1163fdf23a678bb42f
-
SSDEEP
1536:ben2+mzXdn8l22d99CObidCocEW1aJK66n5yhtW0/5JpWn4cNIg0BfbUZlu9gISw:b2do9JK6X/vcmg0Bfc37P8
Malware Config
Targets
-
-
Target
0d59e429f0d2acf46b9b2400651cae8ca032b62932bad8e39d7a1465ac49e36b.vbs
-
Size
210KB
-
MD5
86d5dcbeeeca8b8b5702e414678a95ee
-
SHA1
2bd15186a1120f5b222c3eeb6e56530b25bff151
-
SHA256
0d59e429f0d2acf46b9b2400651cae8ca032b62932bad8e39d7a1465ac49e36b
-
SHA512
e67238280029e78981495ee9f757a373a2588d47c4c55a248064535ae0bc75c3cc6900c811e10e1941478e0b40dfacac73573e9de0110a1163fdf23a678bb42f
-
SSDEEP
1536:ben2+mzXdn8l22d99CObidCocEW1aJK66n5yhtW0/5JpWn4cNIg0BfbUZlu9gISw:b2do9JK6X/vcmg0Bfc37P8
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-