General

  • Target

    target.vbs

  • Size

    211B

  • Sample

    240809-yz8fdaxepq

  • MD5

    716039f593000e2f00dd287065df1fb9

  • SHA1

    d6003441653355e64e27deda069d1238c3f0abda

  • SHA256

    766027c771d1c3b89370d1d7022ea3542fb561011e6251ab3dda0913ff3666df

  • SHA512

    d784ae3072122ef6a5a85eb363e9faef1be9553d6fbb70d010bc945294852fb22184522d7deb120dd16fd6a4475f513c78e05460dac80a91b381cb80d7f4f9c9

Score
8/10

Targets

    • Manipulates Digital Signatures

      Attackers can modify a signed system binary (for example by patching certain DLL exports) so that it still passes casual inspection as a legitimate Windows file; the modification invalidates its Authenticode signature.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Modifies file permissions

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Patching termsrv.dll is commonly used to allow simultaneous RDP sessions, which normally requires taking ownership of the file and rewriting its permissions first.
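As an added triage check, not part of the sandbox report, the following PowerShell function tests whether termsrv.dll on a host shows the tampering the last three signatures describe: an Authenticode signature that no longer verifies, an owner other than TrustedInstaller, and ACL entries granting write access to unexpected identities. The file path, the expected owner and the set of identities treated as legitimate writers are assumptions on my part; run it from an elevated session.

```powershell
# Added triage check (not part of the sandbox report): inspect termsrv.dll for the
# tampering indicators flagged above (permissions changed, file dropped in System32,
# termsrv.dll modified).
# Assumptions: Windows host, elevated PowerShell; the path, expected owner and the
# identities allowed write access are my choices, not values from the report.

function Test-TermsrvIntegrity {
    param(
        [string]$Path = "$env:SystemRoot\System32\termsrv.dll"
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # 1. Authenticode: a patched termsrv.dll no longer matches its catalog or
    #    embedded signature, so Status becomes HashMismatch / NotSigned instead of Valid.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature status is '$($sig.Status)' (expected 'Valid')")
    }

    # 2. Ownership: Windows system binaries are owned by TrustedInstaller. Patching tools
    #    typically run takeown/icacls first, which leaves a different owner behind.
    $acl = Get-Acl -LiteralPath $Path
    $expectedOwner = 'NT SERVICE\TrustedInstaller'   # assumption: default Windows owner
    if ($acl.Owner -ne $expectedOwner) {
        $findings.Add("Owner is '$($acl.Owner)' (expected '$expectedOwner')")
    }

    # 3. ACL: report Allow entries carrying any Write bit for identities other than the
    #    ones expected to hold write access. Administrators normally have only
    #    ReadAndExecute on this file.
    $expectedWriters = @('NT SERVICE\TrustedInstaller', 'NT AUTHORITY\SYSTEM')  # assumption
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write
    foreach ($ace in $acl.Access) {
        $hasWrite = ($ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $hasWrite -and
            $expectedWriters -notcontains $ace.IdentityReference.Value) {
            $findings.Add("Write access granted to '$($ace.IdentityReference.Value)' ($($ace.FileSystemRights))")
        }
    }

    # 4. Metadata for correlation against a known-good copy of the same Windows build.
    $item = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path          = $Path
        FileVersion   = $item.VersionInfo.FileVersion
        LastWriteTime = $item.LastWriteTime
        SHA256        = $hash
        Tampered      = $findings.Count -gt 0
        Findings      = $findings
    }
}

Test-TermsrvIntegrity | Format-List
```

A HashMismatch signature status together with a changed owner and a recent LastWriteTime corroborates the report's verdict on a live host; keep the SHA256 so the file can be compared against a copy from an unaffected machine running the same Windows build.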
