General
-
Target
37089cae2e7e01065af58c26caf6b8bc51cf5b12e14fe34a9c3c4de686680a5f
-
Size
454KB
-
Sample
220521-bzpxpscgc3
-
MD5
8545d68c3382001413099c78d31954fd
-
SHA1
71082545154463fe770c4214add90a4da3338663
-
SHA256
37089cae2e7e01065af58c26caf6b8bc51cf5b12e14fe34a9c3c4de686680a5f
-
SHA512
b9151a93e346c4841975b99694cb3d21ea895d538abcd84a53d732a7e5e4daf69a52b99b302410d8c143efc6aeba17b8f1fac377b689f33142527fde19d83931
Static task
static1
Behavioral task
behavioral1
Sample
Payment_PO.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
Payment_PO.exe
-
Size
627KB
-
MD5
7d98f4732cff55ffe7505d4c020ac2dc
-
SHA1
ec9b164ea991a90ec7224a3612ca7303a24edf05
-
SHA256
893c4fed40fd177ccf67add3628dafa31ce34c2e3b77aac29fcc6d2b52be9ef4
-
SHA512
49cda046d919a9bd39e19ccfbd3136689f9b7e8edbaf3b0dcce3bb62dec3ac80b2e28c247176cf92dfb95c0800a6fb9d24d5442220ea5112ee31340e3b3ad858
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-