2020-04-02 - VBS-BASED MALWARE INFECTION
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2020-04-02-VBS-based-malware-IOCs.txt.zip 2.1 kB (2,144 bytes)
- 2020-04-02-VBS-based-malware-infection-traffic.pcap.zip 214 kB (214,323 bytes)
- 2020-04-02-VBS-based-malware-and-artifacts.zip 81.5 kB (81,458 bytes)
- 2020-04-02-collection-of-15-similar-zip-archives.zip 773 kB (773,102 bytes)
IMAGES
Shown above: Example from one of the zip archives and its extracted VBS file.
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: Artifacts seen in the infected user's AppData\Local\Temp folder during this infection.
Shown above: Scheduled task to keep this infection persistent.