59484500d6689a0d348e98a1cebbc82890ef6f74d1d29b79f50b93044c47130a | Triage

Submit
Reports

Overview

overview

8

Static

static

1

code.vbs

windows11-21h2-x64

8

Sharing

General

Target

code.vbs
Size

138B
Sample

240701-jx4bbateql
MD5

aa27e16196356a7a5aa78b64999218d2
SHA1

de063717be7fd93954701897c4949bb20997a385
SHA256

59484500d6689a0d348e98a1cebbc82890ef6f74d1d29b79f50b93044c47130a
SHA512

3d50ef189a59df40626f6d3ee52aeea6421fe7486d2937eec0987348637f23cf2737a0aff6832080499fca1c32a192204e555353c64851d6b1a3cbaaf3eb5f0f

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

code.vbs

Resource

win11-20240508-en

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  code.vbs
- Size
  
  138B
- MD5
  
  aa27e16196356a7a5aa78b64999218d2
- SHA1
  
  de063717be7fd93954701897c4949bb20997a385
- SHA256
  
  59484500d6689a0d348e98a1cebbc82890ef6f74d1d29b79f50b93044c47130a
- SHA512
  
  3d50ef189a59df40626f6d3ee52aeea6421fe7486d2937eec0987348637f23cf2737a0aff6832080499fca1c32a192204e555353c64851d6b1a3cbaaf3eb5f0f
Score

8^/10
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy