General
Target: bc96b57a65868a4107e25d173e62987ed9bf12c040c2c8e92fd753f7ba3959b1
Size: 439KB
Sample: 220521-bzcblsfggj
MD5: 9cf8918b1a43f1aa57314dc5e0b92774
SHA1: 687c886922c426d3c58992b13d6ebb90742fde9a
SHA256: bc96b57a65868a4107e25d173e62987ed9bf12c040c2c8e92fd753f7ba3959b1
SHA512: 80f92d16745b83919560fac5988b132bfc5dc28d7e062085d3353ddd96119fdfb5376d60a6d86b61753228d8243f296d511ce6f8db86cd814edb02e29fd036b2
Static task: static1
Behavioral task: behavioral1
Sample: Payment_PO.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: Payment_PO.exe
Size: 587KB
MD5: 15367ca46cabe7ffb925400809e9f4ac
SHA1: 41327f0b7c9f69d45483813eef1d5c6f037ad3f5
SHA256: 6e8a194ddc0f62c7c1cefa317877c8fb66f793c943c83e85265c2c6f86391145
SHA512: ecb0a3ea6d70f39a7fd4c016d595b39f0d9b41aee5264e0e8790270c0246888371849155ad726a413186f816d9a08f22ba1a04c4a5b078963a972dd94b40a44c
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext