General
Target: 03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f
Size: 1.3MB
Sample: 220223-ahxqjsffa9
MD5: a2aacd4f9066a3eb2f3ad98cdccefb82
SHA1: ee7c90cb1fc29ceb623824a260e43282258ec462
SHA256: 03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f
SHA512: ab4b3dc359d5cb61ba68d62d76c9c920f83af0fc3f9cf64d434e70b9eb836a086b061c23ffa92030fcbba8b70852dd079da41a6a059defd5489be2199a392f21
Static task: static1
Behavioral task: behavioral1
  Sample: 03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f.exe
  Resource: win10v2004-en-20220113
Malware Config: none listed
Targets
Target: 03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f
Size: 1.3MB
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
  Both are legitimate NirSoft utilities; matching them inside a sample is a strong credential-theft indicator, since stealers commonly embed them rather than reimplementing the recovery logic.
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
  vbc.exe is a signed Microsoft binary, so the image itself is trusted; the tell is the process tree, a downloaded executable spawning the compiler.
- Accesses Microsoft Outlook accounts
  Outlook account settings are stored under the user's registry profile keys, which is what a MailPassView-style recovery routine reads.
- Adds Run key to start application
  Persistence through a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Setting another process's thread context is the control-transfer step of process hollowing, which is why sandboxes flag it.
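As an added worked example (not part of the sandbox report or its tooling): a Python script that first checks a file against the four digests listed above, then runs hunting rules for each listed behaviour over a constructed API-style trace scoped to the sample's process tree. The event format, process IDs, file paths, the Run value name and the IP-lookup watchlist (api.ipify.org, ip-api.com and the others in the set) are assumptions; the report names neither the lookup service it observed nor any dropped file.

```python
"""Hunting rules for the behaviours this report lists, run over a constructed
API-style trace. Example code added to the page; not the sandbox's own code.
Only the four digests come from the report; everything else is constructed."""
import hashlib
import re

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "a2aacd4f9066a3eb2f3ad98cdccefb82",
    "sha1": "ee7c90cb1fc29ceb623824a260e43282258ec462",
    "sha256": "03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f",
    "sha512": "ab4b3dc359d5cb61ba68d62d76c9c920f83af0fc3f9cf64d434e70b9eb836a08"
              "6b061c23ffa92030fcbba8b70852dd079da41a6a059defd5489be2199a392f21",
}
# Assumed watchlist: the report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org",
                   "icanhazip.com", "ipinfo.io"}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
OUTLOOK_KEY_RE = re.compile(r"\\Software\\Microsoft\\Office\\(\d+\.\d+\\)?Outlook\\Profiles", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)


def hashes_match(data):
    """Compare a file's digests with the report's. Run this before trusting
    the behaviour listing for a file obtained from somewhere else."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest
            for alg, digest in REPORT_HASHES.items()}


def hunt(trace):
    """Return (rule, pid, detail) triples for the report's signatures.

    Event kinds (constructed format): process, image_load, regset, regopen,
    dns, api. Only the sample's process tree is examined, so the same registry
    key or DNS query from an unrelated process does not fire."""
    tree, hits = set(), []
    for e in trace:
        pid, kind = e["pid"], e["kind"]
        if kind == "process":
            if e["sha256"].lower() == REPORT_HASHES["sha256"]:
                tree.add(pid)
                hits.append(("sample_executed", pid, e["image"]))
            elif e["ppid"] in tree:
                tree.add(pid)
                if e["image"].lower().endswith("\\vbc.exe"):
                    hits.append(("vbs_compiler_spawned", pid, e["image"]))
                elif USER_WRITABLE_RE.search(e["image"]):
                    hits.append(("dropped_exe_executed", pid, e["image"]))
        elif pid not in tree:
            continue
        elif kind == "image_load" and USER_WRITABLE_RE.search(e["image"]):
            hits.append(("dropped_dll_loaded", pid, e["image"]))
        elif kind == "regset" and RUN_KEY_RE.search(e["key"]):
            hits.append(("run_key_persistence", pid, e["key"]))
        elif kind == "regopen" and OUTLOOK_KEY_RE.search(e["key"]):
            hits.append(("outlook_profile_access", pid, e["key"]))
        elif kind == "dns" and e["host"].lower() in IP_LOOKUP_HOSTS:
            hits.append(("external_ip_lookup", pid, e["host"]))
        elif kind == "api" and e["name"] == "SetThreadContext" and e["target_pid"] != pid:
            # Rewriting another process's thread context is the hollowing step
            # that follows writing a payload into a suspended child.
            hits.append(("setthreadcontext_cross_process", pid, e["target_pid"]))
    return hits


# Constructed trace: the sample (pid 100) spawns vbc.exe, redirects its thread,
# drops and runs an EXE plus a DLL from %TEMP%, persists, reads Outlook profile
# keys and asks a lookup service for its external IP. explorer.exe is noise.
SAMPLE = r"C:\Users\victim\Downloads\03b8ecc02b354ea1e085fdf39e39ae3677d96ea239148521ee63688059090e3f.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
TRACE = [
    {"kind": "process", "pid": 100, "ppid": 1, "image": SAMPLE, "sha256": REPORT_HASHES["sha256"]},
    {"kind": "process", "pid": 101, "ppid": 100, "image": VBC, "sha256": "0" * 64},
    {"kind": "api", "pid": 100, "name": "SetThreadContext", "target_pid": 101},
    {"kind": "process", "pid": 102, "ppid": 100,
     "image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe", "sha256": "1" * 64},
    {"kind": "image_load", "pid": 102, "image": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"kind": "regset", "pid": 102, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"kind": "regopen", "pid": 101, "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "dns", "pid": 101, "host": "api.ipify.org"},
    {"kind": "process", "pid": 200, "ppid": 1, "image": r"C:\Windows\explorer.exe", "sha256": "2" * 64},
    {"kind": "dns", "pid": 200, "host": "api.ipify.org"},
    {"kind": "regset", "pid": 200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
]

if __name__ == "__main__":
    for rule, pid, detail in hunt(TRACE):
        print(f"{rule:32} pid={pid} {detail}")
```

The rules are deliberately scoped to the sample's descendants: an IP-lookup query or a Run value written by explorer.exe is normal on a workstation and must not fire. Note that a SetThreadContext call is only visible in an API-level trace such as the sandbox's; Sysmon does not log it, so on an endpoint the nearest proxy is a ProcessAccess event with VM_WRITE rights against a freshly created child.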