General
Target: 632c1db5916bf6009d159569ef85e8f6c6a2cc787c99ef0368cb38a098ce30e9
Size: 662KB
Sample: 220521-aqjtnadeep
MD5: 80ab00529d2053c1dd52596ce1ab85a4
SHA1: a5859f10e27eecf6ed0a1b7e24eb6d9e39943a00
SHA256: 632c1db5916bf6009d159569ef85e8f6c6a2cc787c99ef0368cb38a098ce30e9
SHA512: f8f80a5cde1e800b8b9a9c7fe45a12bc173eadd7c9e8874d611f79995d7ae3860ca3f98663e04620ec80349363a7e3d6bdf3a82d5f2e6c2caf250b67a433b171
Static task: static1
Behavioral task: behavioral1
Sample: l0185766832020805.PDF.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: l0185766832020805.PDF.exe
Size: 704KB
MD5: 97b7848d96c0c8597f343302ccb46c2d
SHA1: 7d83dc7b96f9a1b7791410661b314cfd6812e8d9
SHA256: f530b8632c088e021b96196b12490d2b6c4e7d2ca04b03a8646cc4a45f8de36c
SHA512: 7e5697f22a99f4b1388cc083689b63719c4c0bd4aa88b4c9724952c44ce9bfd677a0cbc916e03ff87b1dc607d89636962dc07a9ee088938ffbc84a0f1da45236
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext