General
-
Target
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
-
Size
22KB
-
Sample
240701-qdrxhawhnp
-
MD5
003c272edd6f7cf2b08bfc98d1d48c7c
-
SHA1
a6ee590e3b81dbbce6e550c6dba9256c76cd4e21
-
SHA256
78e63f6cc614c9dcc77c0c6b8fc6088ce89533d7c05b66b7732904ad6bc886d6
-
SHA512
4a251916c7e5bef128493ca4f9c303288d9f5934f763f5c383ebf99a671686359cacd977913260ed1c6a3c2e4df36a57873bf4620f7395a70d7eb1b82deb3213
-
SSDEEP
384:clzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgww5Bpg3KU7a4i:ozSR022X/523S0e8xPPmKpgY4Rr0j
Static task
static1
Behavioral task
behavioral1
Sample
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
-
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-