General
-
Target
411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83.vbe
-
Size
646KB
-
Sample
240625-bqys9asfqb
-
MD5
877d62bb0a3ca04372a89f1fd63aa517
-
SHA1
abb9619743f94df8ee35bcb29e08a33f49acc91a
-
SHA256
411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83
-
SHA512
072e1b5ebf6aa76ee374d94b5d9f066c3f2c922808a646768234bf8cae9c62b55a82fa4e18ab860f7ffb5b31a625619991feaa3a82bc8fc7a3712b38cbbcf7ae
-
SSDEEP
12288:NuXAeUMRwhbVmNmN7wNL4NBN3rNrx9V0NnNcN/v3gRN6fyNMNIN3NLojSAfp+J1/:T4Rwhb79SyV7R1AIJTaud62Q
Static task
static1
Behavioral task
behavioral1
Sample
411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83.vbe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83.vbe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Detects executables built or packed with MPress PE compressor
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-