General
-
Target
1a7879a3dc4c5eae512d8926b5a56ac80506b87672da53315fa4c04390299d9c
-
Size
522KB
-
Sample
220222-rtfd3shhd5
-
MD5
8195cf9de2079fbb1b216a81d1522d52
-
SHA1
908c71073e932f10ecde9157fe451f063d0b52ca
-
SHA256
1a7879a3dc4c5eae512d8926b5a56ac80506b87672da53315fa4c04390299d9c
-
SHA512
e5f9d77125d4a84913bb7b7ab03b04494b86980390f7ec65eb5efbb3d24b6ce7765acc931bfc98521997534f543b68af41145f9d1b62bb4663222051058782f3
Static task
static1
Behavioral task
behavioral1
Sample
1a7879a3dc4c5eae512d8926b5a56ac80506b87672da53315fa4c04390299d9c.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1a7879a3dc4c5eae512d8926b5a56ac80506b87672da53315fa4c04390299d9c.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-