General
-
Target
0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200
-
Size
520KB
-
Sample
220222-3nd5lsgfbj
-
MD5
67776527840d82f76b5813cfaafec0be
-
SHA1
e69ed79ab697be1fbd1452a000d7d95975cc8a2c
-
SHA256
0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200
-
SHA512
44e96f99230f486420bb46093dac8e26974029bdd9fbeb7acce3338063547d449aedcdca793e03de13df2624a24ff4986d71233acbfebd7fbc39def754e0d974
Static task
static1
Behavioral task
behavioral1
Sample
0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
Target
0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-