General

  • Target

    rolvepgqld..vbs

  • Size

    6KB

  • Sample

    240701-e59e3swfkg

  • MD5

    adc9b91bfd685823f831cb149a4b162f

  • SHA1

    9ed18df7933da490283c6981270dca26c7d0e2dc

  • SHA256

    a53ca96d00ce81b10989b473807bfc56f440a7c355bde08b0cb26dcfd6bf3278

  • SHA512

    847752d39a27f007f10e30d3e15296346e9acfd4e4945e68b31876b578a2cdfef5b7f805f878bf622c62644e566bc636240d9859458fb43dd37f0018e906b961

  • SSDEEP

    96:NdLYaIwYeBUCU14Tqt+C+QskJdcP2z/n8HFUiQxbDxLlzWUMsuNu7sC9Fh7:NCReLHTE++d0HFUXVpWUMA7sC9b

Score
7/10

Malware Config

Targets

    • Target

      Device/HarddiskVolume3/Users/nabiljazmawi/AppData/Local/Temp/rolvepgqld..vbs

    • Size

      19KB

    • MD5

      3bffe0527cbdf160ad0b51588579c3da

    • SHA1

      92652d4d1381bd7d550bf355f400886067903a40

    • SHA256

      b78d56aa02ce5a1b953df9a14f7483b72423d03be4c463b444a53caffd61ce8b

    • SHA512

      d8e3611d1e1192bc6d4cf87be926c7f0e98caeb371690ca4ebf66be56ff62a98bc61203cf01a7381e31ab3720fb0de9ffe3ea040a286050a3208a7cfde5ad969

    • SSDEEP

      384:Pn/crgS6pDX157RI/P+pMvsPy7qFye/PLFmIOXEwJ0LGTqUNfQXDm:P/5JMvsPy2Js/WkmDm

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks