c3ba69620a9b80965c03c27a27abbb57c4babfb63d915bbead5ea5277c9a364b | Triage

Submit
Reports

Overview

overview

9

Static

static

1

New Order_...24.vbe

windows7-x64

8

New Order_...24.vbe

windows10-2004-x64

9

Sharing

General

Target

19092024_0638_New Order_Sept2024.vbe.gz
Size

4KB
Sample

240919-hd4masvgnb
MD5

cace9852f351841fb250197c08939165
SHA1

afd9668d3ed2aef2134a2fc81f3be23d33eb6a8b
SHA256

c3ba69620a9b80965c03c27a27abbb57c4babfb63d915bbead5ea5277c9a364b
SHA512

c3264b348ff7a8ccf063f68d92a2234ce9ad0719c24f53594d340eede9731aba879fc1415a69df8a1d709314541fe58c4de264d155ff5f1fd73fc53a21c368f5
SSDEEP

96:YQ+4gKXQdFvEFj2ErwDV561QFsNrldKDIVAEyxkIZSZ8/x8NAUqO3:X+4gKXQdE60Yz6War4JS5Ziafv3

Score

9^/10

credential_access discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

New Order_Sept2024.vbe

Resource

win7-20240903-en

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

New Order_Sept2024.vbe

Resource

win10v2004-20240802-en

credential_access discovery stealer

windows10-2004-x64

21 signatures

300 seconds

Malware Config

Targets

- Target
  
  New Order_Sept2024.vbe
- Size
  
  12KB
- MD5
  
  01ad59d70871354c051f21b786d587d2
- SHA1
  
  19a0ea0c09319345cb1f168d004a340514fdf36c
- SHA256
  
  a80a80f6ffe799ac7b9cd41ba6cf36bc6a5bac15584b9f02820e8f0fc2f7ed37
- SHA512
  
  189a668fc23aeb6762060c9fce461d36fc41766c0c8d48b9a2f6ea90949293e96e4578e29a93ace461bdc79a20a36b116d268755e3f77fa2e4059ac25e3a7519
- SSDEEP
  
  384:SlEpga/4dPJuUMk3xsOP4NHw/Xjj+ysMcWbC:SqNWJUk3AHwPjaNiC
Score

9^/10

credential_access discovery stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

credential_accessdiscoverystealer

© 2018-2025

Terms | Privacy