General
-
Target
target.vbs
-
Size
209B
-
Sample
240525-tsmswaag48
-
MD5
fe505a5e05c25e1b991d6f6094899bdf
-
SHA1
3dda3dbed85f227a9563b8b7e94b1fbfc9ec5d99
-
SHA256
dc83fb002acfc2179b1e82046f5827f14a5ed2bd58503403155b0cef21f89533
-
SHA512
c7c39c1ddcb6c4a83489b14c459f0446bd1585bf4d840e7026a08b4341584ee48381b23a182f3f7fc74c04568a6428b00ffadab5954dbd6e3f2967b805c5340f
Static task
static1
Behavioral task
behavioral1
Sample
target.vbs
Resource
win7-20240419-en
Malware Config
Targets
-
-
Target
target.vbs
-
Size
209B
-
MD5
fe505a5e05c25e1b991d6f6094899bdf
-
SHA1
3dda3dbed85f227a9563b8b7e94b1fbfc9ec5d99
-
SHA256
dc83fb002acfc2179b1e82046f5827f14a5ed2bd58503403155b0cef21f89533
-
SHA512
c7c39c1ddcb6c4a83489b14c459f0446bd1585bf4d840e7026a08b4341584ee48381b23a182f3f7fc74c04568a6428b00ffadab5954dbd6e3f2967b805c5340f
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-