General
-
Target
VDF645425140pdf.vbs
-
Size
25KB
-
Sample
240904-r3t9lascnr
-
MD5
f758726ca8e3639be7fb0ff04a7a8c4a
-
SHA1
14d882ba6389b41a57f012c409080d7d1e872ac7
-
SHA256
049feb6dcf68c869a98bf8fe7fe64434e8e27c18954a290094d636ac0bb2be23
-
SHA512
23961d2ad2057c002c69cb78a801f0b044752acd8cbbe9905aca11ef9ccea1149a8c211c893d71917589ad9d5e1ba2853df59a97b3824cafbcdee1060947124e
-
SSDEEP
384:iinVweRHN57gFx1JMhH1HxE2OUZrBclg0tMlDNtjwsLwi+eRrs+hNXusOKSqILB7:iiYgKXpDcqQo
Malware Config
Targets
-
-
Target
VDF645425140pdf.vbs
-
Size
25KB
-
MD5
f758726ca8e3639be7fb0ff04a7a8c4a
-
SHA1
14d882ba6389b41a57f012c409080d7d1e872ac7
-
SHA256
049feb6dcf68c869a98bf8fe7fe64434e8e27c18954a290094d636ac0bb2be23
-
SHA512
23961d2ad2057c002c69cb78a801f0b044752acd8cbbe9905aca11ef9ccea1149a8c211c893d71917589ad9d5e1ba2853df59a97b3824cafbcdee1060947124e
-
SSDEEP
384:iinVweRHN57gFx1JMhH1HxE2OUZrBclg0tMlDNtjwsLwi+eRrs+hNXusOKSqILB7:iiYgKXpDcqQo
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-