General
-
Target
7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b
-
Size
724KB
-
Sample
240518-xdjdpahg5s
-
MD5
8a9e78bb8236c5f5d99e6f93be86115a
-
SHA1
079265e295095e6626324c45b3a6362b804cd119
-
SHA256
7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b
-
SHA512
cc4d362d67f0eee74f8f035bc3d3db10455695db819ce3bb782ef6ac2a795cd389a0db56b5d53126826a7fa4bf62edb54a66eabe1c60c32b11b4ba5b628ae01e
-
SSDEEP
6144:AsyS5Hz0L9jTGquGSqCG2NPnbY/0M7xxMldTSsp3vraSEPW/snrOLNC51gdQl7VD:gCRT+WPxm3pfqiMwc/MVqAd+27
Static task
static1
Behavioral task
behavioral1
Sample
7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b.vbs
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b
-
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-