General
- Target: 0d9620cc6f13557348009640f972fef49c151e28e8a6513fb5fc0e8cce54fee9
- Size: 667KB
- Sample: 220521-byh3rsfgcl
- MD5: a4f7e17094650915389b3bf9c9ce6d6e
- SHA1: 002af5c09b3eec8c9d5bd027273259472bdb492c
- SHA256: 0d9620cc6f13557348009640f972fef49c151e28e8a6513fb5fc0e8cce54fee9
- SHA512: 753c45cdf486eda839c60c1d6c8e7865b7d84e68a8b4f247211001fe44c2fa93a41f23a30292fe907ff534aa036288136bb474952d8739528590598ba638db60

Static task
- static1

Behavioral task
- behavioral1
- Sample: order.exe
- Resource: win7-20220414-en

Malware Config

Targets
- Target: order.exe
  - Size: 713KB
  - MD5: 0b6d5d917fd841fc0ccb900d1d0817d2
  - SHA1: fe706ce3530b8be18f49a195c621dfc77b4f2fce
  - SHA256: 01c7dd686988aded4a1730159eaaa2f4ecfb9f53dc93a3f9ba0503b7698aa454
  - SHA512: b83f7d278553e06903bbc798cfbea3d671b86756a04d2562db33da3e406f7124c1e3862a0286c9406ada254e8e173af428d8364296d309db55689121ac9a50a1
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext