General
-
Target
123c2d92cad893d84cccfaa1ed94a7ee89fc20c069befbae549a6b4ca55fb91e
-
Size
522KB
-
Sample
220222-wkrg7sdagk
-
MD5
b47373744f2b12d3dd3662952b8cb3b0
-
SHA1
0bed661ef55d00ad301e86c0850fce098064bad1
-
SHA256
123c2d92cad893d84cccfaa1ed94a7ee89fc20c069befbae549a6b4ca55fb91e
-
SHA512
0d85d0c8d81f20fab5504adcf2eb9ce2d5607bbc0abc87f9b030650460d2dedb132ffe84739535e3491cd4d689682c683850bceb0e58747827d6250dd3639952
Static task
static1
Behavioral task
behavioral1
Sample
123c2d92cad893d84cccfaa1ed94a7ee89fc20c069befbae549a6b4ca55fb91e.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
123c2d92cad893d84cccfaa1ed94a7ee89fc20c069befbae549a6b4ca55fb91e.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-