31c409ec86ac6e73be5f6732ce850313111c9b41dafeb1a06e63e82c408da79d | Triage

Submit
Reports

Overview

overview

Static

static

1

Ref#501032.vbe

windows7-x64

8

Ref#501032.vbe

windows10-2004-x64

Sharing

General

Target

Ref#501032.vbe
Size

10KB
Sample

241119-rqphkswrcv
MD5

86ff8bd6d9735bf01c8f6189f4ad1002
SHA1

d6c3a4c31b8be503380490454ff2e5d8a8d65d9e
SHA256

31c409ec86ac6e73be5f6732ce850313111c9b41dafeb1a06e63e82c408da79d
SHA512

b658e1764d8e42c3d670f22593bbb6ad9a5ef2177ba1668ee009859a80023718cc173d6b3a801198742f392170dddd4bd85fb94ef0cceec225b9d6c6557fb73f
SSDEEP

192:9h1VLVXWk2P9VDxvTNjYAYFPKf7zXnGD7XbmcDXMpekKiK:jRWfPNxjYAy67zXnq3mJpG

Score

10^/10

collection discovery

Static task

static1

Behavioral task

behavioral1

Sample

Ref#501032.vbe

Resource

win7-20240903-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ref#501032.vbe

Resource

win10v2004-20241007-en

collection discovery

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
jertcot.shop
Port:
587
Username:
[email protected]
Password:
VVNrTTiP

Targets

- Target
  
  Ref#501032.vbe
- Size
  
  10KB
- MD5
  
  86ff8bd6d9735bf01c8f6189f4ad1002
- SHA1
  
  d6c3a4c31b8be503380490454ff2e5d8a8d65d9e
- SHA256
  
  31c409ec86ac6e73be5f6732ce850313111c9b41dafeb1a06e63e82c408da79d
- SHA512
  
  b658e1764d8e42c3d670f22593bbb6ad9a5ef2177ba1668ee009859a80023718cc173d6b3a801198742f392170dddd4bd85fb94ef0cceec225b9d6c6557fb73f
- SSDEEP
  
  192:9h1VLVXWk2P9VDxvTNjYAYFPKf7zXnGD7XbmcDXMpekKiK:jRWfPNxjYAy67zXnq3mJpG
Score

10^/10

collection discovery
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectiondiscovery

© 2018-2025

Terms | Privacy