General
-
Target
bed065aac49fea70993394b73504a0f53f6609c40b330c914910c7042ca938d1.vbs
-
Size
21KB
-
Sample
241106-d48lqavbrr
-
MD5
8d5dd9bf315ddce15fe2dac85e196250
-
SHA1
6e6b5c82e1dd6b59e5e175b00092e37db3191b7c
-
SHA256
bed065aac49fea70993394b73504a0f53f6609c40b330c914910c7042ca938d1
-
SHA512
b4f9b2c4048262ddc66fd2be6dc3447debaf41db4946ffbf29b27c0e235ec439db0637763efee6bdbb1f812a0de9104cd4765a428980a3373f4883c7f0a8b3f6
-
SSDEEP
384:teGbplStxYHQHSH7l+icHVn27vXQayXwA+9xQ+E6O:l2R2YJ+EF
Static task
static1
Behavioral task
behavioral1
Sample
bed065aac49fea70993394b73504a0f53f6609c40b330c914910c7042ca938d1.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bed065aac49fea70993394b73504a0f53f6609c40b330c914910c7042ca938d1.vbs
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
bed065aac49fea70993394b73504a0f53f6609c40b330c914910c7042ca938d1.vbs
-
Size
21KB
-
MD5
8d5dd9bf315ddce15fe2dac85e196250
-
SHA1
6e6b5c82e1dd6b59e5e175b00092e37db3191b7c
-
SHA256
bed065aac49fea70993394b73504a0f53f6609c40b330c914910c7042ca938d1
-
SHA512
b4f9b2c4048262ddc66fd2be6dc3447debaf41db4946ffbf29b27c0e235ec439db0637763efee6bdbb1f812a0de9104cd4765a428980a3373f4883c7f0a8b3f6
-
SSDEEP
384:teGbplStxYHQHSH7l+icHVn27vXQayXwA+9xQ+E6O:l2R2YJ+EF
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
3File Deletion
3Modify Registry
6