General
Target: 7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9.vbe
Size: 30KB
Sample: 240926-caewwazfqj
MD5: 48ffdbe11975f3e1508cfc51c099afbc
SHA1: 6c827054f0a9bb79595bd7e4dcdda8094474d8c8
SHA256: 7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9
SHA512: 007a6ac5ffae54e449658de043dfcd2a73788eec63f4952af82e18015d4b823868bfcd132b0306ebb3d31ae4ccd9286bb45dd2c4730002f3f5ce199e30e329ca
SSDEEP: 192:3fgZfrE1HfkhjkKcokKa0TH7csFN/kugO48vbcQ0hmFI1NxK+UUftV/m4C4kRM58:38Zo6THFN/x48zP0w+1/84C4mb
Static task: static1
Behavioral task: behavioral1
Sample: 7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9.vbe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9.vbe
Resource: win10v2004-20240802-en
Malware Config
Targets
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext