General
Target: target.vbs
Size: 211B
Sample: 240809-yz8fdaxepq
MD5: 716039f593000e2f00dd287065df1fb9
SHA1: d6003441653355e64e27deda069d1238c3f0abda
SHA256: 766027c771d1c3b89370d1d7022ea3542fb561011e6251ab3dda0913ff3666df
SHA512: d784ae3072122ef6a5a85eb363e9faef1be9553d6fbb70d010bc945294852fb22184522d7deb120dd16fd6a4475f513c78e05460dac80a91b381cb80d7f4f9c9
Static task: static1
Behavioral task: behavioral1
Sample: target.vbs
Resource: win7-20240704-en
Malware Config
Targets
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

Possible privilege escalation attempt

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Modifies file permissions

Drops file in System32 directory

Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.