General
-
Target
af8e905368962cfb4873c41a77b4515c.bin
-
Size
12KB
-
Sample
240703-djfefathpc
-
MD5
a2afd9e3d91f4396c362cf90fa341393
-
SHA1
093f28ad3cf1f42d66b28cb79042bbed6a608cb8
-
SHA256
02ee6a0fb75133dfa9169d50379a9a770185ca5c27c068ff71a5652e2d39d13e
-
SHA512
2f216a9f670c1aa6bc4d0b5ca67ec3f756cedfa3ebbf46514fa232ba4a6646e247836958860b70505c286d27fdb68b6e6778d95ecd1d1f74b2d1532bf9a0da37
-
SSDEEP
192:Ys/ssOeECmpkOUxlFhA+ssLa1vlq+qRrtAbvl1EvCrWV4kwoNzjb4PRPA:Ys6eK5erLmc+/p1uCWvdT4dA
Static task
static1
Behavioral task
behavioral1
Sample
bde3493e67a6088d2d265ca765e9aba6f98cc45eb933d5f00f498ffac84711a3.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
bde3493e67a6088d2d265ca765e9aba6f98cc45eb933d5f00f498ffac84711a3.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
bde3493e67a6088d2d265ca765e9aba6f98cc45eb933d5f00f498ffac84711a3.vbs
-
Size
22KB
-
MD5
af8e905368962cfb4873c41a77b4515c
-
SHA1
577337de5d106e6b11225be7c362f33a8d5c0831
-
SHA256
bde3493e67a6088d2d265ca765e9aba6f98cc45eb933d5f00f498ffac84711a3
-
SHA512
8fca68d732a9db1a4a6d9b955a361a5bd37bdd7c994e9094b31799cc7c4c6448fc620d2bf8928532a261680c78e8e138f0b960d9fa630dfc0b4e51c7e756a9c2
-
SSDEEP
384:KlzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgwwfEa+MCq22HX:6zSR022X/523S0e8xPPmra+Mq01N
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-