General
Target
f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924.vbs
Size
7.2MB
Sample
240613-cj7m9a1apd
MD5
00d8988b8332c979cd4be1a1b81adc94
SHA1
f50db2050c871f3cfe544dd95460a316e66c5465
SHA256
f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924
SHA512
c27713a3cabc4749e36aa1889bcf875e12190890d9f62cefcaa113dd4e5ccb502148c26046205e094d320d0a1b3f00bd2dbc602742b2cd582cdb467439e7e229
SSDEEP
24576:itXptXZVkm5hwGV1VxOtXXtXjtXWtXktXvtXytXdtXEtXdtXStXhtX5tXStXhtXs:cf0NBoWlc72783P8XFTULrWgga
Static task
static1
Behavioral task
behavioral1
Sample
f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924.vbs
Resource
win10v2004-20240611-en
Malware Config
Extracted
https://rentry.co/5xo7akcm/raw
Targets
Target
f48dd920d2b31ee4f8426123f991b390023ad8b23f40d511101690781f3a8924.vbs
Score
10/10
-
Detects executables packed with ConfuserEx Mod
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext