General
Target: malware.txt
Size: 7KB
Sample: 240519-vm34caha5v
MD5: 775f152b958147204f3cc3a4da63c6c8
SHA1: 4814e610f5322f3a9a197c8fd2be170946732367
SHA256: 638565ad01412f15dd5782af2fe1e685d91577ddd995e5eabf46916ed7a25cb9
SHA512: 1bcaa377cabf089f072c8adca62a137ad5ca14ab71ddf3dda7c852ad4a841d5f1678128a0e3c2312d685af8edc5e5ea6189cba0282d93edee9fa1cdf519adc3c
SSDEEP: 96:qD2WSNb8mN8r9f4PPfMSHnx2gqoAqb1j8RW8E/zmdPzWdEKuWP2W9Nukim26195F:qD8qrZgX7xrCdPidfbj2619z
Static task: static1
Behavioral task: behavioral1
  Sample: malware.vbs
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: malware.vbs
  Resource: win10v2004-20240426-en
Malware Config
Extracted
http://bonzi.link/Bon.zip
Targets
Modifies boot configuration data using bcdedit
Blocklisted process makes network request
Creates new service(s)
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
Possible privilege escalation attempt
Modifies file permissions
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
  System Services: 1
    Service Execution: 1
  Command and Scripting Interpreter: 2
    PowerShell: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Create or Modify System Process: 2
    Windows Service: 2