General
Target: bcd66ce1c9d8d1123249ef8240a6e7ef32662aaa897845e866627ee69b28dff1.vbs
Size: 26KB
Sample: 240703-czv96ashjc
MD5: 43fe0e9069047cb153a3e86508d5a6ca
SHA1: bb5431130b0b3441b9eda1e54bad3f56eb49f04c
SHA256: bcd66ce1c9d8d1123249ef8240a6e7ef32662aaa897845e866627ee69b28dff1
SHA512: 6816a9e7626d87afe7211780e6d3312e21400c165f4160149ad57bab61c504458fe133adf8d6467724fa2b148c2d762e4203b4b6d2e0630ad2f109c460827571
SSDEEP: 384:HlzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgww779O7LWJRMv:FzSR022X/523S0e8xPPmE9VIFj3W+N
Static task: static1
Behavioral task: behavioral1
Sample: bcd66ce1c9d8d1123249ef8240a6e7ef32662aaa897845e866627ee69b28dff1.vbs
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: bcd66ce1c9d8d1123249ef8240a6e7ef32662aaa897845e866627ee69b28dff1.vbs
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: bcd66ce1c9d8d1123249ef8240a6e7ef32662aaa897845e866627ee69b28dff1.vbs
Score: 10/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext