General
Target: 3876a26f12c421029582584630654343a61b849df2ad186c46aa5088e57ad919
Size: 183KB
Sample: 220521-ncmv2sgegp
MD5: 6e8c359ef1c706c4af9271ad31244012
SHA1: 879968e5c54e8721c3d03431a2a59c79765bcec8
SHA256: 3876a26f12c421029582584630654343a61b849df2ad186c46aa5088e57ad919
SHA512: e368a902423a462064cfd6df3fe2b33b812f032b35170c3146b64c7b35d5f94d26dd17e61a2d81195e652b17ada57512d29a730bb027a5f71c03885edd24f4f2
Static task: static1
Behavioral task: behavioral1
Sample: New Inquiry.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New Inquiry.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: New Inquiry.pif
Size: 236KB
MD5: 45ec5d63516319155ce9d9b40dde3700
SHA1: 43fe9b80034ce048054f1f44ccc5a9bc5a8693c2
SHA256: b0ffdd919be61a2c5329c7321a3beb4bbbd0a9a2d413e6a11d7f6803c662d04d
SHA512: 037ed8a7a199420f3934afb42bdd908afc2c5b152bfd8bd4cb6b95b1192ffcf6aa6d333958cd536f7b3fb4b6021c37b606f45e5205ea9f136e6104c88230c843
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext