General
Target: bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91.vbs
Size: 13KB
Sample: 240523-cdzepahf2z
MD5: 693d91041a54a578ada0c38a77634ee9
SHA1: 13e0a6c85203356af7d11ff4a0e74a6b9637f466
SHA256: bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91
SHA512: 110e25ec6a8f8cb52a3d8a21e01ae9e2b308276111a70cd2afd64e187b41fbbedf9365170bacd971b26ee17a62df4b2174dd2580bcdb18ed768a06d01d860ccb
SSDEEP: 192:lLZMMji78HauxUn+OKEtfuJkEF3UxO8OY7DIsRsTYEtoTP5CfQ6x7PwYVRWFo2Uj:DV8wtkyRi/aVvdb2ze
Static task: static1
Behavioral task: behavioral1
Sample: bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91.vbs
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91.vbs
Resource: win10v2004-20240508-en
Malware Config
Targets
Score: 10/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext