General
-
Target
0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b
-
Size
775KB
-
Sample
220226-lnxhhsbfcn
-
MD5
ab385c6275ab31c216f2e95a8b7d4fb8
-
SHA1
6fe184a0d6a6e926fb4ac6fdbda9064dfc053611
-
SHA256
0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b
-
SHA512
17d9ab736598c6062bcbb60d4041029ad8779132b7f3a717812c1815f162968dd43b45cd69506051b523440cb5caea583947061ca78fa5444d43b60286606d1a
Static task
static1
Behavioral task
behavioral1
Sample
0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b
-
Size
775KB
-
MD5
ab385c6275ab31c216f2e95a8b7d4fb8
-
SHA1
6fe184a0d6a6e926fb4ac6fdbda9064dfc053611
-
SHA256
0f371c17a23b2d2ce7d515476798aa61418232c74d7412b07a8473cde26d3a7b
-
SHA512
17d9ab736598c6062bcbb60d4041029ad8779132b7f3a717812c1815f162968dd43b45cd69506051b523440cb5caea583947061ca78fa5444d43b60286606d1a
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-