Overview

overview

8

Static

static

1

target.vbs

windows7-x64

8

target.vbs

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    target.vbs

  • Size

    209B

  • Sample

    240525-tsmswaag48

  • MD5

    fe505a5e05c25e1b991d6f6094899bdf

  • SHA1

    3dda3dbed85f227a9563b8b7e94b1fbfc9ec5d99

  • SHA256

    dc83fb002acfc2179b1e82046f5827f14a5ed2bd58503403155b0cef21f89533

  • SHA512

    c7c39c1ddcb6c4a83489b14c459f0446bd1585bf4d840e7026a08b4341584ee48381b23a182f3f7fc74c04568a6428b00ffadab5954dbd6e3f2967b805c5340f

Score
8/10
discoveryexploit

Malware Config

Targets

    • Target

      target.vbs

    • Size

      209B

    • MD5

      fe505a5e05c25e1b991d6f6094899bdf

    • SHA1

      3dda3dbed85f227a9563b8b7e94b1fbfc9ec5d99

    • SHA256

      dc83fb002acfc2179b1e82046f5827f14a5ed2bd58503403155b0cef21f89533

    • SHA512

      c7c39c1ddcb6c4a83489b14c459f0446bd1585bf4d840e7026a08b4341584ee48381b23a182f3f7fc74c04568a6428b00ffadab5954dbd6e3f2967b805c5340f

    Score
    8/10
    discoveryexploit

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks