05a2aa7be4bb637d6fd522232869d3d194769d985b886cdbf3cf87f0792f1cbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05a2aa7be4bb637d6fd522232869d3d194769d985b886cdbf3cf87f0792f1cbc.vbs
Size

1.1MB
Sample

240601-wnz9hsbb27
MD5

57a36968f0c63c5a762009b942b97815
SHA1

af02b89ba1d662e9c5623e44d65a1fa62820acea
SHA256

05a2aa7be4bb637d6fd522232869d3d194769d985b886cdbf3cf87f0792f1cbc
SHA512

50f4b31a8f3c07357808d0c73e2e21321fbb9cb0e7fd9098bbeb0012c96abb9ee4998bafec78ac209971dda3b40262af04874cf99f2f5c5f670205109a7f691b
SSDEEP

12288:X31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRjcY:XYz64+2SjcY

Score

8^/10

Malware Config

Targets

- Target
  
  05a2aa7be4bb637d6fd522232869d3d194769d985b886cdbf3cf87f0792f1cbc.vbs
- Size
  
  1.1MB
- MD5
  
  57a36968f0c63c5a762009b942b97815
- SHA1
  
  af02b89ba1d662e9c5623e44d65a1fa62820acea
- SHA256
  
  05a2aa7be4bb637d6fd522232869d3d194769d985b886cdbf3cf87f0792f1cbc
- SHA512
  
  50f4b31a8f3c07357808d0c73e2e21321fbb9cb0e7fd9098bbeb0012c96abb9ee4998bafec78ac209971dda3b40262af04874cf99f2f5c5f670205109a7f691b
- SSDEEP
  
  12288:X31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRjcY:XYz64+2SjcY
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2