Overview

overview

10

Static

static

mat.vbs

windows7_x64

10

mat.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mat.vbs

  • Size

    7KB

  • Sample

    200731-mtg2ayqw1a

  • MD5

    3f4f53a5a18c6b737d649b011dd6b9a1

  • SHA1

    1848f72d0e23e721f3307a1ce2673f5d127b7032

  • SHA256

    2a09c15cbdf630ca762a9baa8cffd71fdeeb9195f1ed0bcf1aab4d46afdb13dc

  • SHA512

    97084c79f55bbd8f7d26df7b581a48cc81d9b5ef4b96cc26df505701b3f22bb179de6519157c83c8d00ef4b21f197fe7488ee40d7a1272bd3227113f692ae1ed

Score
10/10
persistence

Malware Config

Targets

    • Target

      mat.vbs

    • Size

      7KB

    • MD5

      3f4f53a5a18c6b737d649b011dd6b9a1

    • SHA1

      1848f72d0e23e721f3307a1ce2673f5d127b7032

    • SHA256

      2a09c15cbdf630ca762a9baa8cffd71fdeeb9195f1ed0bcf1aab4d46afdb13dc

    • SHA512

      97084c79f55bbd8f7d26df7b581a48cc81d9b5ef4b96cc26df505701b3f22bb179de6519157c83c8d00ef4b21f197fe7488ee40d7a1272bd3227113f692ae1ed

    Score
    10/10
    persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks