General
-
Target
statement_Invoices_Reference-036364-MTRY__127KB_0002637483847.vbs.zip
-
Size
3KB
-
Sample
230717-2c6vtafa63
-
MD5
d3d588c8d4ab5de738a685aaf1e66e4c
-
SHA1
d4538041c771a99057e26c04515cc96f29826c59
-
SHA256
6b08992898504c5bdde66ecc9ab7f7056f47ecb03c6933f499ffe57ad5d7284a
-
SHA512
f70de5c36bb7a3b8f1571307ad1b7289879ab12fa06161d04e3d4ce8d346d2a7de10c17b601eba99e9be94868ea9a89cd546c34c63c7662c76c5d2fbd6f06593
Static task
static1
Behavioral task
behavioral1
Sample
statement_Invoices_Reference-036364-MTRY__127KB_0002637483847.vbs
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Target
statement_Invoices_Reference-036364-MTRY__127KB_0002637483847.vbs
-
Size
5KB
-
MD5
ce677ec8d31b4ec16a5d5002ffa6d879
-
SHA1
cdcd03d24a82444ad65b92b66998e73cfd7e6d86
-
SHA256
dcd26e9ef9f50646f285a1b577e077cf2d0d33d0c7eab174034fee6f33a234d9
-
SHA512
4d8ff9dc4291fd39a1e408afb8b76428d52a63357b4e2b8d28b408bfbefd6b62106149f714b802d58d9fa56989da024215ff721d8faa1445426401ed5a0f4f53
-
SSDEEP
96:iZnw976Pn5oqr0GSIiC2NlDrx1gDS26xcWNGTip1b:vqFjAlXxO+S61b
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext