General
- Target: 43476aa135f1a1ff3c777761836b02ab9894804ff046647cc4a2a81f4930d4d8
- Size: 1.8MB
- Sample: 220310-2nxraacdf3
- MD5: 6f629ccb756ec4415f982fdb9be3ec76
- SHA1: d294466bf25462e768bdd2e3bee7db9b584e1a3b
- SHA256: 43476aa135f1a1ff3c777761836b02ab9894804ff046647cc4a2a81f4930d4d8
- SHA512: ebb7ffd01c3b9e99e8c5d5d85e802bc9c8b5a1b31398d0d9c67a115ddbcdb059c3239ebc082e1cdbf68a49defd58a445eea3b617e541ba0ea88ae951669855a0
Static task: static1

Behavioral task: behavioral1
- Sample: 43476aa135f1a1ff3c777761836b02ab9894804ff046647cc4a2a81f4930d4d8.exe
- Resource: win7-20220223-en

Behavioral task: behavioral2
- Sample: 43476aa135f1a1ff3c777761836b02ab9894804ff046647cc4a2a81f4930d4d8.exe
- Resource: win10v2004-20220310-en
Malware Config

Targets
- Target: 43476aa135f1a1ff3c777761836b02ab9894804ff046647cc4a2a81f4930d4d8
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext