General
-
Target
malware.txt
-
Size
7KB
-
Sample
240519-vqevxsgh94
-
MD5
6e0473af4fbc9223bb02c4cbbad2ae4e
-
SHA1
e710bf9f0dc329d34644f869d580eb378bf179ec
-
SHA256
c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f
-
SHA512
e0de847f7fe1c0965cc1d2bb019441b7cd05890ba3d19c618a396de334e58dcca2fd5867756fb2f9d80d06f6fd85fc13f12c8c4855eb7844ff99bb3ca67a1444
-
SSDEEP
96:qD2WSNb8mN8r9f4PPfMSHnx2gqoAqb1j8RW8E/zmdPzWdEKuWP2W9Nukim26I95F:qD8qrZgX7xrCdPidfbj26I9z
Static task
static1
Behavioral task
behavioral1
Sample
malware.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
malware.vbs
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://bonzi.link/Bon.zip
Extracted
https://bonzi.link/Bon.zip
Targets
-
-
Target
malware.txt
-
Modifies boot configuration data using bcdedit
-
Blocklisted process makes network request
-
Creates new service(s)
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
System Services (1)
Service Execution (1)
Command and Scripting Interpreter (2)
PowerShell (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (2)
Windows Service (2)