General
-
Target
705f4d7d22c1ee050c9a2120f89eb7a33df430ef12ecfac1fe630654af7496af
-
Size
618KB
-
Sample
220521-n2mxcaeea8
-
MD5
7e417528865cd99fcac5cac2d3e185e4
-
SHA1
d606b90bf859bf0e9d71e4b3604b8b69c88b8c54
-
SHA256
705f4d7d22c1ee050c9a2120f89eb7a33df430ef12ecfac1fe630654af7496af
-
SHA512
8907e295eb278e2eea273af1abb33e4f6085e1a206be3a44bfa7cbaf0fc96428a503b0baad189fb018fc23741746f335857d700a66e8a290e04ccaf09655a139
Static task
static1
Behavioral task
behavioral1
Sample
Order05AUG2020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order05AUG2020.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Order05AUG2020.exe
-
Size
1006KB
-
MD5
038693f8466a14ba268a79978cbc8b7a
-
SHA1
bca906b2e971344ceace3b32a4885f8198e00930
-
SHA256
dc9ab0fc37303739eebdebf61ae10291db28738997267cdaf100f5c03f263c39
-
SHA512
30f93e140ab36579b3e29e2620a7a9ece7aadffffe33cafc6e947e9f2db74cb1cbc25c5dbfb49aa83e4d676b34783533abdf041ef9b038400951fdfce88a7f2a
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-