General
-
Target
64acc721ccd028a8ddbef16799ddd074376bdf9358d16e1b33d91af4062ad581.vbs
-
Size
187KB
-
Sample
240630-bjpl1avcql
-
MD5
a658224accc9bc72909b9fecb935d185
-
SHA1
dcc72836dac07a5fdcf7b200d672939d4c5ac682
-
SHA256
64acc721ccd028a8ddbef16799ddd074376bdf9358d16e1b33d91af4062ad581
-
SHA512
1ee3cac91f3d44b29de172e3a3825b3d228f3f7a9f5259b0c2aca3959e4c07f4347d6b2e5aecf2c15fe47a4ff6ea474ed854ffd8683a7099f0d0ad18ee04de22
-
SSDEEP
3072:bmN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZV:b08GxbKja3+DCbKCvBB/WnHXC/sLJFJC
Static task
static1
Behavioral task
behavioral1
Sample
64acc721ccd028a8ddbef16799ddd074376bdf9358d16e1b33d91af4062ad581.vbs
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
64acc721ccd028a8ddbef16799ddd074376bdf9358d16e1b33d91af4062ad581.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
64acc721ccd028a8ddbef16799ddd074376bdf9358d16e1b33d91af4062ad581.vbs
-
Size
187KB
-
MD5
a658224accc9bc72909b9fecb935d185
-
SHA1
dcc72836dac07a5fdcf7b200d672939d4c5ac682
-
SHA256
64acc721ccd028a8ddbef16799ddd074376bdf9358d16e1b33d91af4062ad581
-
SHA512
1ee3cac91f3d44b29de172e3a3825b3d228f3f7a9f5259b0c2aca3959e4c07f4347d6b2e5aecf2c15fe47a4ff6ea474ed854ffd8683a7099f0d0ad18ee04de22
-
SSDEEP
3072:bmN8GGebKjeK3ubth+DCFxKCvBB/WnHPP1w/sLJFJ281QIHz1y8mNy7Ey1MgKTZV:b08GxbKja3+DCbKCvBB/WnHXC/sLJFJC
Score 10/10
-
Detects executables built or packed with MPress PE compressor
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-