General

Target: mal.vbs
Size: 23KB
Sample: 240809-pqs5navbjc
MD5: c697283f6d4effbc73365f1e6ce56754
SHA1: 35f538451885c8d0ab49431df3e6d78deadb4bbe
SHA256: c5eaf4973b45ebcb1e10afc0f49d5b84c4d4214103c4b77a0263a6510f2d9ac0
SHA512: c5699a35e1c1b9a28dcc96088e8ff07e625436d0a6bcb0a869f13dff998fb4fcef02f15d275c8f1064a4d2685cd349ff80f506d7db69bcd72049e209922fac79
SSDEEP: 384:oAuL8pGgtbsDFC70X0kNMthfiFQS/Lo/GY0XkUoJbG3gYgd1YQ+gNIINVS0AgAxw:LuL8pbsZCiMthqFQOLo/GY0L4p2O5d4Q
Static task: static1
Behavioral task: behavioral1 (sample mal.vbs, resource win7-20240704-en)
Behavioral task: behavioral2 (sample mal.vbs, resource win10v2004-20240802-en)
Malware Config

Extracted: latentbot
j46y565i34wru.zapto.org
Targets

Target: mal.vbs
Size: 23KB

Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copying of a web browser credential store.
Detected Nirsoft tools
  Free utilities often used by attackers, which can steal passwords, product keys, etc.
NirSoft MailPassView
  Password recovery tool for various email clients.
NirSoft WebBrowserPassView
  Password recovery tool for various web browsers.
Blocklisted process makes network request
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)