General
Target: taskbroker.vbs
Size: 3KB
Sample: 250330-zwvksayrx9
MD5: ec056bdc0223f3f5df9ae591cba9b24c
SHA1: 0f1688d29ef4d471664e5091b378250b3bea2805
SHA256: af65072fd228a47cc3e8a8d1461688c1b53c2ec91949b472decba4d97289253b
SHA512: 2e0ae2af69b93cd6dd27aab7d8a04f02db6b2dc7a47d50e1ee9e91cd5461733bb8176dd0ed696ecb77a7514541db7449eacf43d07a933c8c8e0c82897eff0ac4
Static task: static1
Behavioral task: behavioral1
Sample: taskbroker.vbs
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: taskbroker.vbs
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: taskbroker.vbs
Score: 10/10
Modifies Windows Defender Real-time Protection settings
Modifies security service
UAC bypass
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (3)
Windows Service (3)