General

  • Target

    file.vbs

  • Size

    1012B

  • Sample

    241001-vdsw1szfjr

  • MD5

    f6bea0736a729346a2536a55cb2b7bb0

  • SHA1

    69e72cbb025c5b41a9fd3159c3999d924e30b3d6

  • SHA256

    2973c7f6a3fb1b01c55d1581837cb5f19e3427950f406a35fe32bf944a45e314

  • SHA512

    91804e4f3ac28e5be2b6b12c43e906611522a14bb1e4a042e396184e22afb316ba631ff9212456872185b6f3b716fe10d5106846774a4db4ee800ab10e6f1e5d

Targets

    • Target

      file.vbs

    • Renames multiple (7920) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Network Share Discovery

      Attempts to gather information on the host network.
