General
-
Target
24cf2fb7a16835406fbb8110f7728d06.bin
-
Size
96KB
-
Sample
240628-cw9clsweqd
-
MD5
7f5c915e4adf4bed5c7d6b29548a4f19
-
SHA1
b344d8c31e887c26e70569eddefe55fc632e81a9
-
SHA256
1e048a31bbae946fa9e0f8ec97fcc43732b396c9a5a1b58d3ac3e8562a34fd51
-
SHA512
be6e35d4d4ce11f115cd483c7b10a5de38bfa5e412ebda711e35fa03491a4c7e1ab9600b16029bc10e351e45564a09f0d550481016def975ca65f271fe877a53
-
SSDEEP
1536:2F5FjcZxaUsX90amvWRf6kwhJHcaLzFSqdFZpiINfLlUmqURmWppneG66rkMMum9:2Ho/sggwHTRhoigURmWpcG6PxulA0Anf
Static task
static1
Behavioral task
behavioral1
Sample
c6264b70bc76be0d3d1d461e357db3b0fa9397fd7fd70740824dea2663abf4c0.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
c6264b70bc76be0d3d1d461e357db3b0fa9397fd7fd70740824dea2663abf4c0.vbs
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
c6264b70bc76be0d3d1d461e357db3b0fa9397fd7fd70740824dea2663abf4c0.vbs
-
Size
186KB
-
MD5
24cf2fb7a16835406fbb8110f7728d06
-
SHA1
c86b83506bcd6e6a5e72dd59b80f6d73fe7acd1c
-
SHA256
c6264b70bc76be0d3d1d461e357db3b0fa9397fd7fd70740824dea2663abf4c0
-
SHA512
85c37a37fd4e63f9add57055f65f887c5f21f37ff66caae518508b2e0e815a9daa14db8dbbf6dfa8162cb127d2d7f834d61c17dd707da8caf396cf46075ed936
-
SSDEEP
3072:5mN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZw:508GxbKja3+DCbKCvBB/WnHXC/sLJFJD
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-