General
Target: d6415fde1549f0b7fae0d67319f7ff78967b2de99e6b9dc9666953e1be2c064a
Size: 7.4MB
Sample: 220314-dmzmgscdg2
MD5: 377a699b9cbc4b8928b16de46abf920f
SHA1: f2ab02632aef4141d13c3880973bc1003d1102ef
SHA256: d6415fde1549f0b7fae0d67319f7ff78967b2de99e6b9dc9666953e1be2c064a
SHA512: 4f916a51ec32d0c609d3c69a9b5f9c905c7c37850fdc77063db349fe4bb0ca24a9cea6180ebc59ee3754736947dafc8b54b831444b6bc585bd5a43e46bcb4ba5
Static task: static1
Behavioral task: behavioral1
Sample: d6415fde1549f0b7fae0d67319f7ff78967b2de99e6b9dc9666953e1be2c064a.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: d6415fde1549f0b7fae0d67319f7ff78967b2de99e6b9dc9666953e1be2c064a.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target
d6415fde1549f0b7fae0d67319f7ff78967b2de99e6b9dc9666953e1be2c064a
Score: 10/10
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
RevengeRat Executable
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext