General

  • Target

    faa03936b40a379b52895f3428e73eccca7dc7b9c0a31defe7a737b0c9ba0936.vbs

  • Size

    95KB

  • Sample

    240613-cqabbs1clg

  • MD5

    7759975571aadd5c40c81d077a55f866

  • SHA1

    e93287f10b2e09af33d44dc13f4725d052a69450

  • SHA256

    faa03936b40a379b52895f3428e73eccca7dc7b9c0a31defe7a737b0c9ba0936

  • SHA512

    2ffd8da885031ea520b97c0513a5e18a60e685b11c8338648bb152caabc727e0eb6deebe120105a0d89bdef8245d862e1de542176e4e355c1e0d23bf083b5e7b

  • SSDEEP

    384:LSoM9DNc4gyK3zIlGnyxIcptRD2HUy+j6UBPl26:/8xc4gyKDIsyp3RD20yj8PlL

Score
8/10

Targets

    • Target

      faa03936b40a379b52895f3428e73eccca7dc7b9c0a31defe7a737b0c9ba0936.vbs

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
