General
Target: aa37e3945923777910376196c735fdee10a1363c518076074f16723fc602399b
Size: 366KB
Sample: 220308-mnsd8sgeem
MD5: aaa3a073b0ab4863fc08488088c71ef5
SHA1: cef69c945f3a8aae3ddf4856260f6de4abcd4f8b
SHA256: aa37e3945923777910376196c735fdee10a1363c518076074f16723fc602399b
SHA512: 82b7d34ee72772e6d6223d8d3e36c193e212e729b1d3f369b6a5bd65a09589cfe2876bcf3f00797f73d29f6af075f3b9c29f53ea81b5b1a0694cb2685c4342cd
Static task: static1
Behavioral task: behavioral1
  Sample: aa37e3945923777910376196c735fdee10a1363c518076074f16723fc602399b.exe
  Resource: win7-20220223-en
Behavioral task: behavioral2
  Sample: aa37e3945923777910376196c735fdee10a1363c518076074f16723fc602399b.exe
  Resource: win10v2004-en-20220113
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext