General
-
Target
0895ad5d19828edc6d17054edb6d9eebdec60e587167716f2271bd683290aaf8.vbs
-
Size
8KB
-
Sample
240427-bdhaqsfe93
-
MD5
d0d8e78e99c4c59061e7caa5d254e8e9
-
SHA1
f06eff42be48b3ff12d8597fc4a155a293ed4236
-
SHA256
0895ad5d19828edc6d17054edb6d9eebdec60e587167716f2271bd683290aaf8
-
SHA512
32541443ea184311f837a8f9e03d3c7bed2190d577309909482908bf32ee4552e2868ab413601c7ee3f555fe43a6687d7e5b7a88cc23a7c5d88f3710c937dd31
-
SSDEEP
192:CXa/1TKd7tWSdiIJ+qdNkV8pH6QM562IfDkyjFzx:CX21aIKvu8pHFt2chjVx
Malware Config
Targets
-
-
Target
0895ad5d19828edc6d17054edb6d9eebdec60e587167716f2271bd683290aaf8.vbs
-
Size
8KB
-
MD5
d0d8e78e99c4c59061e7caa5d254e8e9
-
SHA1
f06eff42be48b3ff12d8597fc4a155a293ed4236
-
SHA256
0895ad5d19828edc6d17054edb6d9eebdec60e587167716f2271bd683290aaf8
-
SHA512
32541443ea184311f837a8f9e03d3c7bed2190d577309909482908bf32ee4552e2868ab413601c7ee3f555fe43a6687d7e5b7a88cc23a7c5d88f3710c937dd31
-
SSDEEP
192:CXa/1TKd7tWSdiIJ+qdNkV8pH6QM562IfDkyjFzx:CX21aIKvu8pHFt2chjVx
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Detects executables built or packed with MPress PE compressor
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-