General

  • Target

    file.vbs

  • Size

    998B

  • Sample

    241001-vgfe4azgmk

  • MD5

    7a8d1f9e5e485683c25f1a8170538d8f

  • SHA1

    5623bb9d6d7f11f67d817e07c5ac75d3e14d03e9

  • SHA256

    39c8ccd2419b202937765877092462839cbfd3d7193faaac9d463c0d8924e5ad

  • SHA512

    5b96db20eeec22dbe6d5073fd79b6111f5635a45e2ff97776777156e41c99730f8efa11f6241bd1175658309343b354b5f66ab6a9f9d48df3ef3fc8cf3cb4a14

Malware Config

Targets

    • Renames multiple (9605) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops desktop.ini file(s)

    • Network Share Discovery

      Attempt to gather information on the host's network.

MITRE ATT&CK Enterprise v15

Tasks