General
Target: 801b5e73f7824b75f2af42a0ecb466cde6855b5d8e5e31d3009ec3af8ca39308.vbs
Size: 2KB
Sample: 241102-g11cqaykbw
MD5: 41aa2d51c499e17d2ce51106a85f3d69
SHA1: fa84618e62625683fcfd6828112a485d450bb903
SHA256: 801b5e73f7824b75f2af42a0ecb466cde6855b5d8e5e31d3009ec3af8ca39308
SHA512: 2ae8c881e36b5b09fed593d4a1ad7b10201575c0cb67368ae954a5789451660faa0f5a8ef37888afdd53ea2f724e17824a678dc87f0ac5532363eb4ea05ee3aa
Static task: static1
Behavioral task: behavioral1
Sample: 801b5e73f7824b75f2af42a0ecb466cde6855b5d8e5e31d3009ec3af8ca39308.vbs
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 801b5e73f7824b75f2af42a0ecb466cde6855b5d8e5e31d3009ec3af8ca39308.vbs
Resource: win10v2004-20241007-en
Malware Config
Targets
Blocklisted process makes network request
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
MITRE ATT&CK Enterprise v15

Execution
Command and Scripting Interpreter 1
Scheduled Task/Job 1
Scheduled Task 1

Persistence
Create or Modify System Process 1
Windows Service 1
Event Triggered Execution 1
Netsh Helper DLL 1
Scheduled Task/Job 1
Scheduled Task 1

Privilege Escalation
Create or Modify System Process 1
Windows Service 1
Event Triggered Execution 1
Netsh Helper DLL 1
Scheduled Task/Job 1
Scheduled Task 1