77e5c0683c26d723d3b77057d3d871de78ac53791b9e0645c6cebe6382445367 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

77e5c0683c26d723d3b77057d3d871de78ac53791b9e0645c6cebe6382445367_JC.vbs
Size

919KB
Sample

231004-wmhm3sff56
MD5

ee946e93f18e575bcf3ff98e56bbe68a
SHA1

46311852176490aab500b4a6123d4bf3c3b8c7be
SHA256

77e5c0683c26d723d3b77057d3d871de78ac53791b9e0645c6cebe6382445367
SHA512

a72b4c7ae6e6a6aa978b4184daccc433a3e6a996206b946d3e4603244eb827f693f618b547a5c74da09684d5178e4d6f2efb755bd4fada06da97154daed6842a
SSDEEP

12288:+fzcnw77llR8xPUQ/trpUm+18+vuCkAtuYsJZRrcarBjqEiZRwyboFFMpY8wjJme:+fzc6Bb8xF/o1VqzjNeRjYMpYZdmYpj

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  77e5c0683c26d723d3b77057d3d871de78ac53791b9e0645c6cebe6382445367_JC.vbs
- Size
  
  919KB
- MD5
  
  ee946e93f18e575bcf3ff98e56bbe68a
- SHA1
  
  46311852176490aab500b4a6123d4bf3c3b8c7be
- SHA256
  
  77e5c0683c26d723d3b77057d3d871de78ac53791b9e0645c6cebe6382445367
- SHA512
  
  a72b4c7ae6e6a6aa978b4184daccc433a3e6a996206b946d3e4603244eb827f693f618b547a5c74da09684d5178e4d6f2efb755bd4fada06da97154daed6842a
- SSDEEP
  
  12288:+fzcnw77llR8xPUQ/trpUm+18+vuCkAtuYsJZRrcarBjqEiZRwyboFFMpY8wjJme:+fzc6Bb8xF/o1VqzjNeRjYMpYZdmYpj
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2