General
-
Target
trigger.vbs
-
Size
90B
-
Sample
240526-keltzsdc52
-
MD5
ee0839d0823d0b94662ee473497cd6c7
-
SHA1
9862390404bd8cce614071e8a6eb2268e1cb2755
-
SHA256
ce5003c5067f9ef22bec1c1e9d6f20035d5114158877d3115f313bac4b372859
-
SHA512
aa9860846962ba36a2c31c25c72ec2c76787c2648223822a19a01cbed9454b91e91f4ae007153072766592bfcc3111d9fe2165ef433519ffcaf33850ebde559c
Static task
static1
Behavioral task
behavioral1
Sample
trigger.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
trigger.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
trigger.vbs
Score
10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Manipulates Digital Signatures
Attackers can use techniques such as changing the Authenticode and Cryptography registry keys to make their binary appear validly signed.
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (5)
Registry Run Keys / Startup Folder (5)
Browser Extensions (1)
Event Triggered Execution (1)
Change Default File Association (1)
Privilege Escalation
Boot or Logon Autostart Execution (5)
Registry Run Keys / Startup Folder (5)
Event Triggered Execution (1)
Change Default File Association (1)