General

  • Target

    file.vbs

  • Size

    1KB

  • Sample

    240809-zxrwaaygmn

  • MD5

    3479b565b371774da0b6ef6e504a5a52

  • SHA1

    a4fb717b74c008468419697a8ed387503e69291b

  • SHA256

    6d811ce895dd0383e794cef00804d44104196fb5bd263305fb3f10be77f24711

  • SHA512

    7e1fcb0ae5c451bd9c50cdd4c5beeecbcbf3d270f25bbea28b17408e24dd6cbb2252a210e0c5fe258d8b9d065bfde84e3c2853ce24289a64fe146d4432bbe382

Targets

    • Target

      file.vbs

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions
