General

  • Target: 92c5a70ef52b2b277794fc49c9a016c7ccd00d93e608b60beeb18467a8a56336
  • Size: 260KB
  • Sample: 220308-qavtzsehf8
  • MD5: 586b335cb841019bfeebcfd2ef49f011
  • SHA1: 6be9b1b37ecd6ff5b0fdc3f563a46955ebda2231
  • SHA256: 92c5a70ef52b2b277794fc49c9a016c7ccd00d93e608b60beeb18467a8a56336
  • SHA512: 2be38295d998ac9e76f61124bb8cb58fce3a85cdcaf662f500b7eb5d0f5a412c867cc35b37d747108dfd331b8b21411b186462d7923c13e567c18bcb32925876

Malware Config

Targets

    • Target: 92c5a70ef52b2b277794fc49c9a016c7ccd00d93e608b60beeb18467a8a56336
    • Size: 260KB
    • MD5: 586b335cb841019bfeebcfd2ef49f011
    • SHA1: 6be9b1b37ecd6ff5b0fdc3f563a46955ebda2231
    • SHA256: 92c5a70ef52b2b277794fc49c9a016c7ccd00d93e608b60beeb18467a8a56336
    • SHA512: 2be38295d998ac9e76f61124bb8cb58fce3a85cdcaf662f500b7eb5d0f5a412c867cc35b37d747108dfd331b8b21411b186462d7923c13e567c18bcb32925876

    • NirSoft MailPassView: Password recovery tool for various email clients
    • Nirsoft
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials, etc.
    • Accesses Microsoft Outlook accounts
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks