General
-
Target
UPS_Bill_of_lading_291098829T_28_06_2024_000000_pdf.vbs
-
Size
187KB
-
Sample
240628-m3d56awblf
-
MD5
390112d76dc2b8ef98de61363c2bd2ea
-
SHA1
467811ef0dbaebc381e8c18ed248aa6339a35a83
-
SHA256
561072bf60c33ed6cfc54afc54024edc70f09ef75d8b4ccd08be30aa118b8e72
-
SHA512
1e6ec942c13e1da2b152049f4601e17f9e1150ac1d842b857c47c1ca88cccb61d6a9620521b6726534dbb0d0dc6e27afe159c6ca966c4cb264312a056b7574ec
-
SSDEEP
3072:9mN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZT:908GxbKja3+DCbKCvBB/WnHXC/sLJFJI
Static task
static1
Behavioral task
behavioral1
Sample
UPS_Bill_of_lading_291098829T_28_06_2024_000000_pdf.vbs
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
UPS_Bill_of_lading_291098829T_28_06_2024_000000_pdf.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
UPS_Bill_of_lading_291098829T_28_06_2024_000000_pdf.vbs
-
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-