General
-
Target
file01.vbs
-
Size
255B
-
Sample
240525-ts67hsac8t
-
MD5
373e5f13ece02f97ff60cb6021dc0880
-
SHA1
574cf09f6fde0b709aa47845b6b092c3b3a4fe84
-
SHA256
c8433f6da3e5358d991d7d57cefcfd69905e2bbd8eab4ddc23d229355dabd1b6
-
SHA512
3cfe04aa23d5900bd2f73c3e942047945770eae320eb6cfa4eaf83fdc976c5fd14dc3bb389fe5fd75d8a3c824b62e775f89eaa9d4b6ea5fde926204608acd846
Malware Config
Targets
-
-
Target
file01.vbs
-
Size
255B
-
MD5
373e5f13ece02f97ff60cb6021dc0880
-
SHA1
574cf09f6fde0b709aa47845b6b092c3b3a4fe84
-
SHA256
c8433f6da3e5358d991d7d57cefcfd69905e2bbd8eab4ddc23d229355dabd1b6
-
SHA512
3cfe04aa23d5900bd2f73c3e942047945770eae320eb6cfa4eaf83fdc976c5fd14dc3bb389fe5fd75d8a3c824b62e775f89eaa9d4b6ea5fde926204608acd846
Score8/10-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-