General
Target: 7050385c9ecb2aa84c11b687149985e1aa7a6868d4f63f6b214271d238be956c.vbs
Size: 23KB
Sample: 240625-bw1vsswgkn
MD5: 18a025babdc4df5cb74d565b1b93e1d6
SHA1: f9bd62d75f8fd2e8327eea6b324b1c5dd3d880f3
SHA256: 7050385c9ecb2aa84c11b687149985e1aa7a6868d4f63f6b214271d238be956c
SHA512: ff5126bcedf8d7d2927160161ae2c4ecae9fe1f561d97135e92c35c96b111753045b9a6e74529f086083778fcd017ed958a5b8066cb4dd7243c0473ae566978b
SSDEEP: 384:zDJcEgWPwf0ulPLLgoylkWz1vAaFYruA/du48nAv5PbK7L59LL/OF15JGty:zFcEgWIfttLKWs1v9erzdu48Av5PbIfU
Static task: static1
Behavioral task: behavioral1
Sample: 7050385c9ecb2aa84c11b687149985e1aa7a6868d4f63f6b214271d238be956c.vbs
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 7050385c9ecb2aa84c11b687149985e1aa7a6868d4f63f6b214271d238be956c.vbs
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 7050385c9ecb2aa84c11b687149985e1aa7a6868d4f63f6b214271d238be956c.vbs
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext