General
-
Target
BL-RTM1439068.vbs
-
Size
9KB
-
Sample
240624-tb73gszgnc
-
MD5
f369abd236c71d5b1c89e2c7a2304548
-
SHA1
c0913ba6a19b4e136e76b07452ec400cf3870405
-
SHA256
a14d83525d5d0c6942f1c2b0f6998acddf472655d0f998b9614d2a70b8df54af
-
SHA512
0faf0fb26fbfd93c5cff91700f52c4d07124a212274e5e3cd5e6793a50d14b3519a365e2ce2715bfc5bc1ba9f19db585ba507e3a844d617310ca85339cf88305
-
SSDEEP
192:Gdnx4g3W2CfJysndF8+htnG/r9Tft+3k6xjlsbdWuHITjGaW/OqlDoUslStBGfX:TFgCwwAT9Tok6EmUOqJYl6BGfX
Static task
static1
Behavioral task
behavioral1
Sample
BL-RTM1439068.vbs
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
BL-RTM1439068.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
BL-RTM1439068.vbs
-
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-