General
- Target: 914d8f091eb65e8a12362a6d11303435e38c06d92f6b7336058b640a200dba8f
- Size: 459KB
- Sample: 220521-bzfc9sfggn
- MD5: 7c55ee92b86211c3d8d9418bc7cd3637
- SHA1: 0141c7345de621741c155267c12039fc1c6e40d8
- SHA256: 914d8f091eb65e8a12362a6d11303435e38c06d92f6b7336058b640a200dba8f
- SHA512: 55f93a6788222cf86a407820c4885bf79f05d3ac0b93516645d4869bb134f1d12a0d7bda020f769ec8a612a37df4a0351efd1267c7c0dd26177ca52f6a1fe70a
Static task: static1
Behavioral task: behavioral1
Sample: PAGO.exe
Resource: win7-20220414-en
Malware Config
Targets
- Target: PAGO.exe
- Size: 640KB
- MD5: 18606353f915383edba50e3c08a5ce7b
- SHA1: 91cb21162ea742db0ada9ae04c61472e8768f990
- SHA256: 9f04350b3ada8d1ed715252a5dc4cf06049a9fa30ad7f0f541dbafc358485e25
- SHA512: e626b6ac23b5b824f4a960740478b3a2089d9bd4e1a5d31ea2e7c53767be43a7863c03a493c32e04e1c2bf9e7fca98a8723161c9b1fb0b11d11096eaabbc6dc2
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext