General
- Target: 5ff48cae59e91a2c7cdeb79cecf1c55395eb97c78792dd0447ba43595510f219.vbs
- Size: 187KB
- Sample: 240627-bp1apaxflp
- MD5: 298320f7d69c921e9c7b012b9d5d1b18
- SHA1: fdd4a9fb56b627744d813803fb98bbf741c32b36
- SHA256: 5ff48cae59e91a2c7cdeb79cecf1c55395eb97c78792dd0447ba43595510f219
- SHA512: cb7648d505a222fcac46a4c20ed503bf6f168f7b321676f0fa6a99d7c8bf97a122965a460ea8d62efeed918e3a816c968a8e6e787abf8a66fb789b521a538457
- SSDEEP: 3072:3mN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZi:308GxbKja3+DCbKCvBB/WnHXC/sLJFJb
Static task: static1
Behavioral task: behavioral1
- Sample: 5ff48cae59e91a2c7cdeb79cecf1c55395eb97c78792dd0447ba43595510f219.vbs
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 5ff48cae59e91a2c7cdeb79cecf1c55395eb97c78792dd0447ba43595510f219.vbs
- Resource: win10v2004-20240611-en
Malware Config
Targets
- Target: 5ff48cae59e91a2c7cdeb79cecf1c55395eb97c78792dd0447ba43595510f219.vbs
- Score: 10/10

Detections:
- Detects executables built or packed with MPress PE compressor
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext