General
-
Target
ADZP 20 Complex.vbs
-
Size
32KB
-
Sample
240525-vpehrsbh67
-
MD5
36deca5bd53f31d062d07c1d3fa0cc8d
-
SHA1
1d245de03d3725b180f572b15036cbb168445edf
-
SHA256
d6607a9ec5fc0698f50382ffe61a4ad1f36a8b26c0834c305f40e41647980668
-
SHA512
e1253113a5dfd1cd7e93dfe45649d89e072db432b1724aaf36c7b082b38e770c4755e4d01c136134bb9356f74daa1e7205e5fa43f575edb5013a91f738be71c1
-
SSDEEP
384:WO9h4Bbs9odeP93e6xj6BT2xg2mP+CMdNLjl9NQJW:lZ+kPxe6x+BT22FGCMdtZoW
Malware Config
Targets
-
-
Target
ADZP 20 Complex.vbs
-
Size
32KB
-
MD5
36deca5bd53f31d062d07c1d3fa0cc8d
-
SHA1
1d245de03d3725b180f572b15036cbb168445edf
-
SHA256
d6607a9ec5fc0698f50382ffe61a4ad1f36a8b26c0834c305f40e41647980668
-
SHA512
e1253113a5dfd1cd7e93dfe45649d89e072db432b1724aaf36c7b082b38e770c4755e4d01c136134bb9356f74daa1e7205e5fa43f575edb5013a91f738be71c1
-
SSDEEP
384:WO9h4Bbs9odeP93e6xj6BT2xg2mP+CMdNLjl9NQJW:lZ+kPxe6x+BT22FGCMdtZoW
Score8/10-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-