General
-
Target
b1475086f2f81e2aca88d89cb0620f04e8d0b0a20b956821a0d2efe1b65ce060.vbs
-
Size
80KB
-
Sample
241002-bxbx3azhkq
-
MD5
a510a741cf02891a5ae7268b7b92b9b8
-
SHA1
2740b1d3da34dab2396388ebb2c97763a3164ce5
-
SHA256
b1475086f2f81e2aca88d89cb0620f04e8d0b0a20b956821a0d2efe1b65ce060
-
SHA512
f8b09143c1fde918ef01c508c781af213c934d332956c43acbaba6116cd3d3874db8315d1e15eeb8da33e52fc0898569b8c95a5540051be3de48731cf89fb091
-
SSDEEP
1536:sjYl/iQZBql+3LAtEhHt1TtcjQ+yztqwT7C25jmiS8ybyf:sjYB7ZAoHCyzMy75y2f
Malware Config
Targets
-
-
Target
b1475086f2f81e2aca88d89cb0620f04e8d0b0a20b956821a0d2efe1b65ce060.vbs
-
Size
80KB
-
MD5
a510a741cf02891a5ae7268b7b92b9b8
-
SHA1
2740b1d3da34dab2396388ebb2c97763a3164ce5
-
SHA256
b1475086f2f81e2aca88d89cb0620f04e8d0b0a20b956821a0d2efe1b65ce060
-
SHA512
f8b09143c1fde918ef01c508c781af213c934d332956c43acbaba6116cd3d3874db8315d1e15eeb8da33e52fc0898569b8c95a5540051be3de48731cf89fb091
-
SSDEEP
1536:sjYl/iQZBql+3LAtEhHt1TtcjQ+yztqwT7C25jmiS8ybyf:sjYB7ZAoHCyzMy75y2f
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Network Service Discovery
Attempt to gather information on host's network.
-