General
-
Target
01072024_1118_30062024_awb_shipping_post_01072024224782020031808174CN18010724000000124(991KB).7z
-
Size
12KB
-
Sample
240701-nerxsa1hqr
-
MD5
fa7d8b0088f10253f4fa1ffbfd782e9a
-
SHA1
0336fe36e63e955f8b8230a36eab0d21689fee39
-
SHA256
9fd53114801142518771a1acfa7836d42ce0d8fe0efd91a0880b02963ccd9782
-
SHA512
0bcf91a934f5b6d65f9c00488639f96e76aac6400e1787d1ce921478f9264bfb2d3dff82d0c38729335a6235540e25f782f3501eba36d0a730baea240b679145
-
SSDEEP
192:hPBidBloJTDo51PI7Na9mLyyFO2f1ALtO/8z4IdBzHpv77i+Rl:hQdBlUPU1PI7Nimxbfmtyebpviml
Static task
static1
Behavioral task
behavioral1
Sample
awb_shipping_post_01072024224782020031808174CN18010724000000124(991KB).vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
awb_shipping_post_01072024224782020031808174CN18010724000000124(991KB).vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
awb_shipping_post_01072024224782020031808174CN18010724000000124(991KB).vbs
-
Size
22KB
-
MD5
a13172a0f0e7ac4d5f957050221d7e3f
-
SHA1
c81809f26230427879daf37de42163b1731018ad
-
SHA256
e8a3dc3bf71a6dbdc2ab8beb59a9b435626d67d1596a4dc4dbfbc7c8978e74f2
-
SHA512
52feaccccb0ff8973f8c7bff8f1ca450c57351978778590c67ec5bb91025aa99d8011819f315806d1f580b87883e0ab36717b2f61c913945b20685ca048f0ef2
-
SSDEEP
384:AlzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgwwP4WUUWUfLsA:0zSR022X/523S0e8xPPm+K1hmrRWK
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-