General

  • Target: trigger.vbs
  • Size: 2KB
  • Sample: 240815-1mn73s1cnk
  • MD5: 9bb9f585f3bf5350429098d6afa62bbb
  • SHA1: 681dfa1ddebdd1e6918bf3c7c954b53320950e3f
  • SHA256: ca58403c597e504a8b9100c7bffaf2b42f2be21a925eb5dc3f93bb7638d6e15e
  • SHA512: ece0f5bd08de3990bdc1b778cb70e992bb6aefc343e69705a293d49874ec52ee7a4541c687b40b9424b0c4562eda18237762f48bbd55d4b0956c164189422101

Malware Config

Targets

    • Target: trigger.vbs (2KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    • Possible privilege escalation attempt

    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Modifies file permissions

    • Modifies system executable filetype association

MITRE ATT&CK Enterprise v15

Tasks