ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b | Triage

Sharing

General

Target

vbc.exe
Size

444KB
Sample

200630-nypwphzh9s
MD5

c66f665b6e12b556e6c90b52af988edc
SHA1

58060b2ab7c2441aeb29a034c48fc190c9789281
SHA256

ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b
SHA512

7a18c04db5e2a35477429568b86890b56e8e9a9c46f11283069a07305759411769727edb1f0c392920fc8d546659957b75cfb78fc26f1cf53d6550c048a80ae4

Score

8^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  vbc.exe
- Size
  
  444KB
- MD5
  
  c66f665b6e12b556e6c90b52af988edc
- SHA1
  
  58060b2ab7c2441aeb29a034c48fc190c9789281
- SHA256
  
  ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b
- SHA512
  
  7a18c04db5e2a35477429568b86890b56e8e9a9c46f11283069a07305759411769727edb1f0c392920fc8d546659957b75cfb78fc26f1cf53d6550c048a80ae4
Score

8^/10

evasion trojan persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistencespyware

behavioral2