General
Target: vbc.exe
Size: 444KB
Sample: 200630-nypwphzh9s
MD5: c66f665b6e12b556e6c90b52af988edc
SHA1: 58060b2ab7c2441aeb29a034c48fc190c9789281
SHA256: ac8087b133a1022287bb8aad082e1fd0b669509289a5ef5f2e17714de7acfb5b
SHA512: 7a18c04db5e2a35477429568b86890b56e8e9a9c46f11283069a07305759411769727edb1f0c392920fc8d546659957b75cfb78fc26f1cf53d6550c048a80ae4
Static task: static1
Behavioral task: behavioral1
  Sample: vbc.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: vbc.exe
  Resource: win10v200430
Malware Config
Targets
Target: vbc.exe
Score: 8/10
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Uses the VBS compiler for execution
Adds Run entry to start application
Suspicious use of SetThreadContext