General

  • Target: 21112024_0910_Tender_procurement_product_order__21_11_2024_.vbs.zip

  • Size: 10KB

  • Sample: 241121-k5bfya1jds

  • MD5: 5e7c09de7828e20e3d6446c7d4707731

  • SHA1: a52ab95073087e20f3295416e9ac2ce3a4a3684c

  • SHA256: d6d4f3700501be46a84da94af0de778f54ccfdabde68b649614de404aeeaa74b

  • SHA512: 9f1e75c2dd7a9310e4b7090c68b010b96ca55cba5484dc2b2d8f25647b79abd2019514a4a3cd5baec415827f5eb0ddb72cffcf61f6c80d31ebe2e23a411c9dc6

  • SSDEEP: 192:sXLFxKJg05RdscM21HeixE0k269FiXKvnPu/Q7YusHlGAyDmjrTUsRby:sXLOn/d+2d1k26WmGQ7EyDmj/Ny

Malware Config

Targets

    • Target: Tender_procurement_product_order__21_11_2024_.vbs

    • Size: 28KB

    • MD5: e287e89a039bac210a685df3a02acf18

    • SHA1: f835a3e07e7e0343c8ef323365e94967b60eae1f

    • SHA256: ca82b1e207de187c0e8f7ecf45397c1b2161f97a6ef7909616700c3bfc97aa10

    • SHA512: 93c29f68bab89ada12554bffd8822f9c7e90a5a69d9b4c9a49374c991236c8cc32bfb7c496e67abb2efe0f584a125cff58380eb46e73feb36fc1efdc657642ca

    • SSDEEP: 384:f9xA7f2VAt1fwEpk6RQ2LpnVYnZIRB87rNfSZyiLPTG3pKxR:f9x4+IwIQ2LlQZEBCrFlpKr

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks