- * ID: 1460
- * MalFamily: "TrojanVBS"
- * MalScore: 8.5
- * File Name: "Genscape Australia.vbs"
- * File Size: 1706857
- * File Type: "ASCII text, with very long lines"
- * SHA256: "3b59c2476def1a17c6be01fc7c864f71a0605dcb6d92d30b4a3f9c739d59d168"
- * MD5: "d46f3a6c72b5cc424c432ad910c47777"
- * SHA1: "a69e360d22903573b3bc829be1f517df2d2d414c"
- * SHA512: "6f25b84ade0f82a5f163e05afecd150413a7de34ac66761c5ef08b26de97a223df8c9989d8a637e7b6bfdcb118bfcb7a411519e806ca89e127305cdb815d6cf0"
- * CRC32: "E0D5BBD2"
- * SSDEEP: "49152:PTVNqlK0c1sPpNlyBCrh7ucAU8/Tn6EwtFHpR:y"
- * Process Execution:
- "wscript.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details":
- "IP_ioc": "205.185.117.146:443 (United States)"
- "Description": "File has been identified by 2 Antiviruses on VirusTotal as malicious",
- "Details":
- "NANO-Antivirus": "Trojan.Script.ExpKit.fugogz"
- "Qihoo-360": "virus.vbs.crypt.c"
- "Description": "Stack pivoting was detected when using a critical API",
- "Details":
- "process": "wscript.exe:2944"
- "Description": "Attempts to create or modify system certificates",
- "Details":
- * Started Service:
- * Mutexes:
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\TableOfColors.exe"
- * Deleted Files:
- * Modified Registry Keys:
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\\Blob"
- * Deleted Registry Keys:
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13"
- * DNS Communications:
- "type": "A",
- "request": "thebaptistfoundationofcalifornia.com",
- "answers":
- "data": "205.185.117.146",
- "type": "A"
- * Domains:
- "ip": "205.185.117.146",
- "domain": "thebaptistfoundationofcalifornia.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- "country_name": "United States",
- "ip": "205.185.117.146",
- "inaddrarpa": "",
- "hostname": "thebaptistfoundationofcalifornia.com"
- * Network Communication - IRC: