General

  • Target

    3d1f8e84ac3d21f1f63d6a2147fb8aea48b65d98af4be970f23d218a6869a106.vbs

  • Size

    1.1MB

  • Sample

    240601-ybllpscg6y

  • MD5

    495f3ebb32bab86fbc66f4cd401fb35a

  • SHA1

    e8b691c923a4ef8c07662178267a81042789e274

  • SHA256

    3d1f8e84ac3d21f1f63d6a2147fb8aea48b65d98af4be970f23d218a6869a106

  • SHA512

    b35fdf199813896f21f38fb92d60bd58e21f2089f17691b873c19b30d4c61f2b18b422424dc06bdbb97fd0403e515dc404ddd06541170ccedae51f4a16adac9c

  • SSDEEP

    12288:m31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRjO:mYz64+2SjO

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
