d8c159d2b08f67e7bedefbbd2f96e03563ccd65fed72f9f27383a08dcbfba20e | Triage

Sharing

General

Target

file01.vbs
Size

1KB
Sample

240528-nqc8rsac69
MD5

ac74f4410482c655f5f633164bc24d4a
SHA1

083d14cd9967820eac4943a259e773f685c41198
SHA256

d8c159d2b08f67e7bedefbbd2f96e03563ccd65fed72f9f27383a08dcbfba20e
SHA512

10cb234c6cc09666456fcd37acc4692ddf9f7d6aefd28264d60c958867ec0140aeb7cc336e05f13c98627f78443b11f2830e1f3bd5c304f51fe465a4eb90ca8d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  file01.vbs
- Size
  
  1KB
- MD5
  
  ac74f4410482c655f5f633164bc24d4a
- SHA1
  
  083d14cd9967820eac4943a259e773f685c41198
- SHA256
  
  d8c159d2b08f67e7bedefbbd2f96e03563ccd65fed72f9f27383a08dcbfba20e
- SHA512
  
  10cb234c6cc09666456fcd37acc4692ddf9f7d6aefd28264d60c958867ec0140aeb7cc336e05f13c98627f78443b11f2830e1f3bd5c304f51fe465a4eb90ca8d
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Registers new Print Monitor
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence