General

  • Target

    vbs_template.vbs

  • Size

    1KB

  • Sample

    240912-prqe6averq

  • MD5

    9c74fd653b6154556ba2eba0c196ce19

  • SHA1

    cf6425195600612b3384b32da8d3e46be6811b11

  • SHA256

    ce48a7a8c8dd5651153b73134892c96d85e2dddb18198fe1f1997f148118a462

  • SHA512

    e208fdad20af497f569fa088bbee29ff6eab5e9fd98cb22bbfcd48e5d2766c2d3d2e17764448f30cbf2af5678c9e2c4a1fdca94d21f516119bab4233ccab2c7b

Score
8/10

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
