General
-
Target
b25e5b6502b55f327c9896b57dee4fd133c8f30509085a00133ca769d76f1b56.vbs
-
Size
61KB
-
Sample
240524-b18q7sgf2v
-
MD5
e086a3fc0f47e5abcdf92571d8c0028c
-
SHA1
a1223fcd44467268adf1f531b6dda133494747e8
-
SHA256
b25e5b6502b55f327c9896b57dee4fd133c8f30509085a00133ca769d76f1b56
-
SHA512
066d1c6ec8af0e68d46d9590873283d2e824a8243bd3315d1cfa554859e9e6e5a3868db95be72e6e47d4e5efccbf92b9a9ca96d6459fc6a6c3eb81a397226cc2
-
SSDEEP
384:FZAaML0cnkem8npMSnhIRpuIkJ6jM1L7Kc0ZKEXJg:7xgiSnhIRgIkJq9Z5Zg
Malware Config
Targets
-
-
Target
b25e5b6502b55f327c9896b57dee4fd133c8f30509085a00133ca769d76f1b56.vbs
-
Size
61KB
-
MD5
e086a3fc0f47e5abcdf92571d8c0028c
-
SHA1
a1223fcd44467268adf1f531b6dda133494747e8
-
SHA256
b25e5b6502b55f327c9896b57dee4fd133c8f30509085a00133ca769d76f1b56
-
SHA512
066d1c6ec8af0e68d46d9590873283d2e824a8243bd3315d1cfa554859e9e6e5a3868db95be72e6e47d4e5efccbf92b9a9ca96d6459fc6a6c3eb81a397226cc2
-
SSDEEP
384:FZAaML0cnkem8npMSnhIRpuIkJ6jM1L7Kc0ZKEXJg:7xgiSnhIRgIkJq9Z5Zg
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-