General

  • Target

    3e5033d36f886c3aa8fa319381307dcb9aeeafda49a3d0dd6334f5433f35ea28.vbs

  • Size

    1.1MB

  • Sample

    240604-bn3pesgb3s

  • MD5

    67f4de0d4b0f309660d46318c6b83a11

  • SHA1

    fa931f9e93b0defb42ad0c3046d7356dc1e9c6bd

  • SHA256

    3e5033d36f886c3aa8fa319381307dcb9aeeafda49a3d0dd6334f5433f35ea28

  • SHA512

    f7373111edbd586ddd67c5fb7e08942a88a1488e991fb0b0c89594f71c37ea5ec2379c0a626f4adb4e69df091cf11f72890b1835638daff6832869b90ddd9169

  • SSDEEP

    12288:p31cvBzbU01qal638iNX3iTMgmuYtWN/ZgMiQPeRjoU4:pYz64+2Sjo5

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks