General
-
Target
3ef53750695612794f2c321eb0be98bc64d9550fdfe53c477ba73ec4a229c0f9
-
Size
587KB
-
Sample
220310-31f5qsgbfq
-
MD5
0fcaefd4a7f6b9ee0b69dcc7159175ec
-
SHA1
5359e7a65f759bcd675d6409741a1cc95f95be64
-
SHA256
3ef53750695612794f2c321eb0be98bc64d9550fdfe53c477ba73ec4a229c0f9
-
SHA512
80e479b21600e40699a3c3e8d7e4b0f3cebc28c3393181b920fedabccc886f2ce36eae45095bdd007e887ed021dac9ad27cc5236308eee65fff821da3ea991b7
Static task
static1
Behavioral task
behavioral1
Sample
3ef53750695612794f2c321eb0be98bc64d9550fdfe53c477ba73ec4a229c0f9.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
3ef53750695612794f2c321eb0be98bc64d9550fdfe53c477ba73ec4a229c0f9.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-