General

  • Target

    c6ee7c3efdf44626b701cf1474276d09f30b358a5463917d86f8d223ea1051aa

  • Size

    388KB

  • Sample

    220308-hcfh3scae8

  • MD5

    0aaa9135462e0fb34bcc84edb2bbe410

  • SHA1

    fa22e7de34ba942efc94144fa81b6f37038941d7

  • SHA256

    c6ee7c3efdf44626b701cf1474276d09f30b358a5463917d86f8d223ea1051aa

  • SHA512

    b3ef50d0824ef10ae90441486430d89aa5beb632d27a9e474f18db5a12c6395129938cafb98b87d745573593ffd7cb2561dd44a7bce2876be102ba92b7d3be61

Malware Config

Targets

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks