General
- Target: FACTURA08798.Tar
- Size: 418KB
- Sample: 240624-qw6tdaybjm
- MD5: 280fb6d9bef71be8b72039a80251e6e1
- SHA1: 1d6a990f2781d26a37dd8efe8f8188cf2d8f58e6
- SHA256: c7728da75004903710287196fe7b46281fcc671420ebbac44388605e1d9892be
- SHA512: cc0ca16eec59e0f28ba5f233477b661324665cb920bea8de031268fda18da0f07670484c678bd39fe1faca0ea533719bdc4f791badfaa07b93379b59b7d285bd
- SSDEEP: 12288:IAir7L7jf9eIYWBOGgijWDocOCId74s8D:M7Re0BOviCDotCId7x8D
Static task: static1
Behavioral task: behavioral1
- Sample: FACTURA08798696.vbe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: FACTURA08798696.vbe
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: FACTURA08798696.vbe
- Size: 646KB
- MD5: 877d62bb0a3ca04372a89f1fd63aa517
- SHA1: abb9619743f94df8ee35bcb29e08a33f49acc91a
- SHA256: 411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83
- SHA512: 072e1b5ebf6aa76ee374d94b5d9f066c3f2c922808a646768234bf8cae9c62b55a82fa4e18ab860f7ffb5b31a625619991feaa3a82bc8fc7a3712b38cbbcf7ae
- SSDEEP: 12288:NuXAeUMRwhbVmNmN7wNL4NBN3rNrx9V0NnNcN/v3gRN6fyNMNIN3NLojSAfp+J1/:T4Rwhb79SyV7R1AIJTaud62Q
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext