General
-
Target
awb_shipping_post_24062024224782020031808174CN1824062400000(991KB).vbs
-
Size
187KB
-
Sample
240625-nc45bszarp
-
MD5
71e6ad71e4958df129a87422066d1be1
-
SHA1
75e5f0176d44782d874e74411d72ec5dbe86660c
-
SHA256
b30bb2c67741afe2a5173337bd2acab5785c408cce2fbb84dc07a3c904f3f3c6
-
SHA512
c6217bdc6b15046be438f7367c28b4a1dded02181a0e0579ceba297b0e4cdf4b7256b0ed1e8cada6cb3555bd344d739b166b269b68a05f2e6c391d997b1d7832
-
SSDEEP
3072:fmN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZV:f08GxbKja3+DCbKCvBB/WnHXC/sLJFJ4
Static task
static1
Behavioral task
behavioral1
Sample
awb_shipping_post_24062024224782020031808174CN1824062400000(991KB).vbs
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
awb_shipping_post_24062024224782020031808174CN1824062400000(991KB).vbs
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
awb_shipping_post_24062024224782020031808174CN1824062400000(991KB).vbs
-
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-