General
Target: ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89
Size: 567KB
Sample: 220521-mz8klafhdl
MD5: 3c0ee822bd8279a7ceb81563b70d3011
SHA1: ed8e2ebe4ae21a41b995bf82e25169a2f52b9ce3
SHA256: ebf11ac3c1c7cbdd7667977fce006d85ff89ff49182a9ac4b3ebd27057b99d89
SHA512: d7a38d62d7f4e9446ee669e8e19e2eb7107e3a6a1f6f85d8a857bd2f2401f6b3d1e911e6cc37c4a529927c0e3ae9373cca4800c37ee718d880815101afccf6a0
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT DETAILS.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: PAYMENT DETAILS.exe
Size: 913KB
MD5: b9d953083a5b1006d5632d82c7a01d8d
SHA1: 4701c2bccbcfe59c1654c50f0e2800b3ffd062e3
SHA256: e1bf95bd96a59075ac24eec7c47b3142361ea79c1fb68e2b6039212fba523449
SHA512: 70fb97ac42882e5e62ef07bdfa06de9ab59d37ecfd07f59eecf76081cc34ccff954bd0edbf593eaf8db10da6d560500ba83a36cadb77d1b980fe127cd63ddbf6
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext