General

  • Target

    target.vbs

  • Size

    1015B

  • Sample

    241001-vex75atgle

  • MD5

    078db06662fafd7cae63b52486eb2895

  • SHA1

    210204f4ff91af54ef57628810dad684e74ce30b

  • SHA256

    5692eae941716274cde446cc705879cb6f5ee8bb49b56e1d68e069a73fde493c

  • SHA512

    66696bfc73b88d8b7521bc429b3e9170b49d709a1be44709ce9026f551dcf2fae100330531ff523752d84d5023e7a8531e381f039c9ccd7b3d0daf8edac6c4e0

Malware Config

Targets

    • Target

      target.vbs

    • Size

      1015B

    • Renames multiple (169) files with added filename extension

      Many files renamed in bulk with the same appended extension is consistent with ransomware encrypting files on the system and marking each encrypted file with a new extension.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Modifies file permissions

    • Drops desktop.ini file(s)

    • Network Share Discovery

      Attempts to enumerate network shares reachable from the host, which lets a file-encrypting payload extend beyond the local disk.
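The "renames multiple files with added filename extension" behaviour above is the single most useful host-side signal in this report. The following is an added detection example (not code from the sandbox or from the sample): it parses a few constructed file-rename events, keeps only renames of the form original path + "." + extension, and flags any appended extension that crosses a count threshold. The `.locked` extension, the paths and the threshold are assumptions for illustration; the report does not state which extension this sample appends.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample telemetry (not taken from the report): one rename per line,
# loosely modelled on "old path -> new path" records from a file-activity monitor.
SAMPLE_EVENTS = r"""
RENAME C:\Users\victim\Documents\report.docx -> C:\Users\victim\Documents\report.docx.locked
RENAME C:\Users\victim\Documents\budget.xlsx -> C:\Users\victim\Documents\budget.xlsx.locked
RENAME C:\Users\victim\Pictures\holiday.jpg -> C:\Users\victim\Pictures\holiday.jpg.locked
RENAME C:\Users\victim\Desktop\notes.txt -> C:\Users\victim\Desktop\notes.txt.locked
RENAME C:\Users\victim\Desktop\draft_v1.docx -> C:\Users\victim\Desktop\draft_final.docx
RENAME C:\Users\victim\Downloads\setup.tmp -> C:\Users\victim\Downloads\setup.exe
"""

RENAME_RE = re.compile(r"^RENAME\s+(.+?)\s+->\s+(.+)$")


@dataclass(frozen=True)
class Rename:
    old: str
    new: str

    def appended_extension(self) -> Optional[str]:
        """Return the extension appended to an otherwise unchanged path, or None.

        Only renames of the exact form <old> + "." + <ext> count; ordinary renames
        (draft_v1.docx -> draft_final.docx) and extension swaps (.tmp -> .exe) do not.
        """
        prefix = self.old + "."
        if not self.new.startswith(prefix) or len(self.new) == len(prefix):
            return None
        ext = self.new[len(prefix):]
        if "\\" in ext or "/" in ext:  # a path separator means this is a move, not a suffix
            return None
        return ext.lower()


def parse_events(text: str) -> List[Rename]:
    """Parse RENAME lines; anything that does not match the format is ignored."""
    renames = []
    for line in text.splitlines():
        m = RENAME_RE.match(line.strip())
        if m:
            renames.append(Rename(m.group(1), m.group(2)))
    return renames


def detect_mass_rename(renames: List[Rename], threshold: int = 10) -> Dict[str, int]:
    """Heuristic behind the report's signature: many files gaining the same new
    extension is consistent with a file-encrypting payload.

    Returns {extension: count} for every appended extension seen at least
    `threshold` times. The threshold is an assumed tuning value; the report's
    sample renamed 169 files.
    """
    counts: Counter = Counter()
    for r in renames:
        ext = r.appended_extension()
        if ext is not None:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    hits = detect_mass_rename(events, threshold=3)
    for ext, n in hits.items():
        print(f"suspicious: {n} files renamed with appended extension .{ext}")
```

Tune the threshold per environment: backup and archival tools also append extensions in bulk, so in production pair this count with the other behaviours listed above (permission changes, share enumeration, a geofence check) rather than alerting on renames alone.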

MITRE ATT&CK Enterprise v15

Tasks