General
-
Target
1982cd28239c9b7882794b27b48099bc9f6706df2e47d3916dfc4e811a2b08d6
-
Size
345KB
-
Sample
220521-bxzzwsfgal
-
MD5
45de4eea91072f0c655b66b94f8b3ad9
-
SHA1
162af2570b2a68bd046797e57a0d2c6fbb7238b3
-
SHA256
1982cd28239c9b7882794b27b48099bc9f6706df2e47d3916dfc4e811a2b08d6
-
SHA512
41377fc17651eba8c143e87ca9e438d47fd6567a777b40c31ade32ba347e4185cac0b338a5aa20271661870ba8a0a65b1f415cfdfba7d84c9d35996cfaf52562
Static task
static1
Behavioral task
behavioral1
Sample
scan00001543.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
scan00001543.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
scan00001543
-
Size
398KB
-
MD5
5678efb48a28b255830a91e260c2504e
-
SHA1
e030714e67ddeff23860be582553807d15c7f1e2
-
SHA256
717cc1c1cd1788a45027d549ae018a57f72e8f5f7586be633055c2400440b489
-
SHA512
c6146c170b937a7daa9e6be50f7df9eb552216222d474965a41730d4ddfbeaa00466bea48318951b1e5c33d6a79b9791d788ab4e4dc8fac51cea32d35cc54477
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a BitMap object, which is later decrypted.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
NirSoft MailPassView
Password recovery tool for various email clients.
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-