General
-
Target
doc-r25-210341853.lzh
-
Size
6KB
-
Sample
240521-m8246sbd3y
-
MD5
20f2349a3773984feb25b06739bf3c29
-
SHA1
f6f99623b30438321291db46c92204cb08e89131
-
SHA256
e326b641ae9ba609906dc1079074644e57dc2709c710321465d86af51117284e
-
SHA512
f562519740ccc6b22981728dd1a3c4244c92ea2841b609bde743c74632db5588c26d5740e3303d2a5f5844d6a7354a133d023da3a4470ba8e067b2b634bc0250
-
SSDEEP
192:LZbKJhBezaMlj/Tl3AiTR9IXKFxQZ94MkQQdg:cbyaMZ/TlfdaAWQ2
Static task
static1
Behavioral task
behavioral1
Sample
doc-r25-210341853.vbs
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
doc-r25-210341853.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
doc-r25-210341853.vbs
-
Size
15KB
-
MD5
3ed6d6263087df6acb50d383f9646c77
-
SHA1
3d11f3a396909f4bdda0b8b8bb7ef6b8abbad17c
-
SHA256
7c9097341df9125478424c57b39c394062838aaa04bcc5725cd4a49a3b3555d9
-
SHA512
e5ce4ee9fb452025cff79e23c3f335fe8b34dce4e5b315e258815212ac9cd929881c690a95d397deec0c635a0115c4eb176b557e2e877449e9a9116f8dc99f64
-
SSDEEP
192:3Kyq8AvxRaqxtLpoMPpzkd/5Bpt0yPPGEIv97BreF56xrkoAD+h0nVJ:ayqlZRzmMxI19PGn9kF0xrgD+m
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-