General
- Target: 96e69cbc7578b59b885409266c875ff84a6bf7f02d8a09dd06514b5f537fda74
- Size: 442KB
- Sample: 220521-bze3hafggm
- MD5: 20785f48e897edaf12c6b5cc5404f979
- SHA1: 351437386fcf51a33710c8467aa624242787c580
- SHA256: 96e69cbc7578b59b885409266c875ff84a6bf7f02d8a09dd06514b5f537fda74
- SHA512: 6ef8cb718fc80715f04703e1f35742e73a159b3d19ff4da04a50763a2b22f6935e9c65e70582ee8ca958c5daac76b79056f6e7bcce3ad3093755c1c07cdb8acc
- Static task: static1
- Behavioral task: behavioral1
- Sample: Versanddetails.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: Versanddetails.exe
- Size: 596KB
- MD5: 269a05d36d071c206dc87187d6136352
- SHA1: 85f8c093f487db02ebbbda53d0893be9bdbc0ace
- SHA256: b774ad4c9780bdb6e4fec9dbd688f1ac6d0ee75e9771c64de99e1f5152e0b385
- SHA512: 2449cc3e98eb46ffb373552fe1ca7cca4fea9628482e0f3214a2ef19a97240b184eca1191607e6406d810238ef8a0a29030867bec0baf44a7c480d485d661ebc
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext