General
-
Target
FORM_VENDOR_DECLARATION_BANK_INFO.7z
-
Size
4KB
-
Sample
240826-rj5afsyhmk
-
MD5
236d571cf3e43e9a95d55ee3a6f3555a
-
SHA1
838919dd55ffbe380ed51e275646d0ebbaa0e630
-
SHA256
4bbc8b70e00b04913c72fffbfe4d3f15f327c29ec24f6e6cdb27bd78e7c3dc32
-
SHA512
d41752fbeac13d57bcf28b9cb6c73a86eece28b26a4f41c2ac755c876ac8f6c2b8ef4b3a69cba0cda4fb5d30d34124b6ce950dd34356d9639f09136161c6f3b4
-
SSDEEP
96:UNKeo8MjsJZM2VySa56X6Y31ZGfo49WhEWFRwXioOr:oRo8ZJZdVC01Yfo489SXi/
Static task
static1
Behavioral task
behavioral1
Sample
FORM_VENDOR_DECLARATION_BANK_INFO.vbe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
FORM_VENDOR_DECLARATION_BANK_INFO.vbe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
FORM_VENDOR_DECLARATION_BANK_INFO.vbe
-
Size
13KB
-
MD5
46a86b1e4d1136f04743b65d4c402b9f
-
SHA1
dc17d6fa8bdd838bf37efbbe60b8a169e3f794a3
-
SHA256
db7c3bb3fa1311b696574ba3048e627b3ce3298d911a5946972655433be476af
-
SHA512
5b7e79943a3d126b9879d34fd0c023e227477cb82b354855a81b4ca8b090d83a83ffbb3a1a7e63e5715ebccad3d42dc2e578ebd20b7fe5e8acf8a842d9d7f0b0
-
SSDEEP
384:9ECYUlp+y4DdVWrXDYifV9IG8TLtonspm:2yp+y4ZYv/fAG8TRoom
Score
9/10
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-