General
Target: ad3da792a9b200d10c9899e2622b7ada96891455ef8d371586c22d3cda737405
Size: 460KB
Sample: 220521-bzefzafggk
MD5: 779863b55ac9ddfc0b41f45fec1fee45
SHA1: 41a57f4800155fabbdab2501e984e5ddd938bf2c
SHA256: ad3da792a9b200d10c9899e2622b7ada96891455ef8d371586c22d3cda737405
SHA512: c126a6ab7ac438585d9bb847062def90a58ea81836f4a840d98345a006d74e09769d462a67f91f49535b537fd8366431ff484f0388b3bcfe8b336dd71479389b
Static task: static1
Behavioral task: behavioral1
Sample: PAGO.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: PAGO.exe
Size: 640KB
MD5: ed8cbaaad32148441d5822bb7d8627f6
SHA1: f9bed9c2faf30a831bf759e812400115ac442814
SHA256: cf70d70fea87e6ad3690e0fe6823409573e72d29b8d41452dba2fddb85d99b7b
SHA512: 52c5769ad0f851d9d42d936ae9e0df7742075da36231a4085a8e3af326f13b93e41c052f284225bfc7decba52e90516ebdca2d4ba4031364a305b0f0e41f387e
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext