General
-
Target
9e5c10bf783b3464206583c6d3a18631e76394b4ee51e481a6552abb16bfc559.zip
-
Size
12KB
-
Sample
240702-b7xyaasaqb
-
MD5
31cd15d851515bffe5e8b0188fcb9761
-
SHA1
4165d09bdda195c746d7bc6470a4aa90b1aeba98
-
SHA256
9e5c10bf783b3464206583c6d3a18631e76394b4ee51e481a6552abb16bfc559
-
SHA512
90316ff483fb4bc327111f06ea0884a047c403439992f40c944801f9bb9429cd5dab89ccef14fc5be2ec8cee2f14f7f02957c9616e5b6a41e2b272271ec80467
-
SSDEEP
192:SgfCrjvUk9omjeP3BYJYTMtPZaL1pIcH2i9vagmC73VjnqQ1btd5FAyz:tCrjvUMvjueoAkgcWOaaVRxDz
Static task
static1
Behavioral task
behavioral1
Sample
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs
-
Size
22KB
-
MD5
003c272edd6f7cf2b08bfc98d1d48c7c
-
SHA1
a6ee590e3b81dbbce6e550c6dba9256c76cd4e21
-
SHA256
78e63f6cc614c9dcc77c0c6b8fc6088ce89533d7c05b66b7732904ad6bc886d6
-
SHA512
4a251916c7e5bef128493ca4f9c303288d9f5934f763f5c383ebf99a671686359cacd977913260ed1c6a3c2e4df36a57873bf4620f7395a70d7eb1b82deb3213
-
SSDEEP
384:clzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgww5Bpg3KU7a4i:ozSR022X/523S0e8xPPmKpgY4Rr0j
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-