General
-
Target
8028ef562bc9d2bd5035279b7cfd2abbd59ffb292b67a5a431379e2e5aa4b380.vbs
-
Size
187KB
-
Sample
240630-bn2gcs1ere
-
MD5
7b1d4760615cc6bb3cc9219eb1468965
-
SHA1
a4a57a4155fcd8351a1423134fc60df55769466d
-
SHA256
8028ef562bc9d2bd5035279b7cfd2abbd59ffb292b67a5a431379e2e5aa4b380
-
SHA512
49f9045ab51ab2aa7bbb2e76355c18616325af02d4b7a2374eb59d82a3bd9d081e773b96f8c5d78718a9e67acd9b47e8c5cc08e83a59e514b8179c0c91ddaaa1
-
SSDEEP
3072:ImN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZl:I08GxbKja3+DCbKCvBB/WnHXC/sLJFJw
Static task
static1
Behavioral task
behavioral1
Sample
8028ef562bc9d2bd5035279b7cfd2abbd59ffb292b67a5a431379e2e5aa4b380.vbs
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8028ef562bc9d2bd5035279b7cfd2abbd59ffb292b67a5a431379e2e5aa4b380.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
8028ef562bc9d2bd5035279b7cfd2abbd59ffb292b67a5a431379e2e5aa4b380.vbs
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-