General
Target
25062024_0816_23062024_IMG56758938583095883593858835Blindehjemmet.7z
Size
12KB
Sample
240625-j6ghxa1gqn
MD5
36b26f6190ef25ccb47ca1b2401334b6
SHA1
9cf090600faddc071f4af7cab49c23e3ac137449
SHA256
3414295aa3bf71b66f8a86a5cc390fdb4669d2a2127f6b56cd91b535253b7008
SHA512
2465bba288713b8cf1f0ffcb991988a70fc71ef26a4e4fc5a2ea4e5c1dbe615fe98e5b69a38c25eb8dd1b621315f0a1f92e29bea66442ec00e53e54554f16189
SSDEEP
384:hTw4hhQFAVrF/HtPI9bQ2tvEL8Dzp1PdDy:hTMINw9p1E4Dzp1PZy
Static task
static1
Behavioral task
behavioral1
Sample
IMG56758938583095883593858835Blindehjemmet.vbs
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
IMG56758938583095883593858835Blindehjemmet.vbs
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
IMG56758938583095883593858835Blindehjemmet.vbs
Size
23KB
MD5
18a025babdc4df5cb74d565b1b93e1d6
SHA1
f9bd62d75f8fd2e8327eea6b324b1c5dd3d880f3
SHA256
7050385c9ecb2aa84c11b687149985e1aa7a6868d4f63f6b214271d238be956c
SHA512
ff5126bcedf8d7d2927160161ae2c4ecae9fe1f561d97135e92c35c96b111753045b9a6e74529f086083778fcd017ed958a5b8066cb4dd7243c0473ae566978b
SSDEEP
384:zDJcEgWPwf0ulPLLgoylkWz1vAaFYruA/du48nAv5PbK7L59LL/OF15JGty:zFcEgWIfttLKWs1v9erzdu48Av5PbIfU
Score
10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext