General
Target: archivo3.vbs
Size: 26KB
Sample: 241206-y2al5avpht
MD5: 77eb1c375c533e113eda1ec49482306d
SHA1: 2ad13bce885c0564563f38e9bf89300de2ff9c37
SHA256: d777e35f6d9f6738e7971edc703456bbaf4d103802c829bba6fdf34efeb6b09f
SHA512: adfe60f03bff6ca4272183a7c37f5394a68f774b1ed29faa2f56b6c00ec80e63ae47f53629fbf8130673ea3e97d9165a42bb985407a121d1bb0cfd668c53cdb7
SSDEEP: 384:VmK2JJzEYbBb11111VzNMth9Y7hp7h4UO/KtvviXV0rgvlFR:QK2JJzbBFMthK73Y/KtvvkV0kvlX
Static task: static1
Behavioral task: behavioral1
Sample: archivo3.vbs
Resource: win10ltsc2021-20241023-es
Malware Config
Extracted: latentbot
the11industrious.zapto.org
Targets
Score: 10/10
- Latentbot family
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
  - NirSoft MailPassView
    Password recovery tool for various email clients
  - NirSoft WebBrowserPassView
    Password recovery tool for various web browsers
- Blocklisted process makes network request
- A potential corporate email address has been identified in the URL: vlibras-portal@dev
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext