General

  • Target

    trigger.vbs

  • Size

    3KB

  • Sample

    240815-1v1wvaxbnh

  • MD5

    56d290b7d22775476aa20306845b7beb

  • SHA1

    a0d76dade9062c13b7af7aea3895df77b06a382e

  • SHA256

    043b9354e954e13d551698f119ef69e5475af11a045fb1e2d6828d56f9ace1dc

  • SHA512

    64f12f3cff9a9aa0dd9b3688b1ed4c110867365df8a59368c5f05acaafcb6388278c62000084a916e3f54c9f0c79b5ec3c61b221b6a940a9ff7857ad0ac0c058

Malware Config

Targets

    • Target

      trigger.vbs

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Modifies file permissions

    • Modifies system executable filetype association

MITRE ATT&CK Enterprise v15

Tasks