General

  • Target

    7cbcd631a4e13b12f1577b073d66c0ff99a3b1d59589e8064cda7b1a06d7cfac.vbs

  • Size

    10KB

  • Sample

    241006-bnjxbashnh

  • MD5

    8e0172134b7f15992d6464767e423996

  • SHA1

    071ee6dec991cbf30c9535a9cc119742dc273206

  • SHA256

    7cbcd631a4e13b12f1577b073d66c0ff99a3b1d59589e8064cda7b1a06d7cfac

  • SHA512

    350a56053a31ab1d4231cba01c4f84d9fae371dcf979ad1d7c334b92b428f1105e2ef447296ce1db0c6ddb64b9ee1f0d8db4398754d5a898f2eb163a6b451ba1

  • SSDEEP

    96:c8LFHzb+U5X4wrqqeH+5YoieyzgJABJ/fxrQsuO3zKA6pT8dmbTij+aUSH:cmFmU5KHJVerJABRu6N1dmnh8H

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://github.com/darkZeusWeb/loadersoft/raw/refs/heads/main/stubInf.exe

Targets

    • Target

      7cbcd631a4e13b12f1577b073d66c0ff99a3b1d59589e8064cda7b1a06d7cfac.vbs

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
