General
-
Target
FACTURA08798696.vbe
-
Size
646KB
-
Sample
240624-qmskdsxfnp
-
MD5
877d62bb0a3ca04372a89f1fd63aa517
-
SHA1
abb9619743f94df8ee35bcb29e08a33f49acc91a
-
SHA256
411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83
-
SHA512
072e1b5ebf6aa76ee374d94b5d9f066c3f2c922808a646768234bf8cae9c62b55a82fa4e18ab860f7ffb5b31a625619991feaa3a82bc8fc7a3712b38cbbcf7ae
-
SSDEEP
12288:NuXAeUMRwhbVmNmN7wNL4NBN3rNrx9V0NnNcN/v3gRN6fyNMNIN3NLojSAfp+J1/:T4Rwhb79SyV7R1AIJTaud62Q
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA08798696.vbe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
FACTURA08798696.vbe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
FACTURA08798696.vbe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-