General
- Target: 200c2c1ad502a7c015d39f513cce255f0eeaaecd1befea68d7cc0d2ba673d524
- Size: 454KB
- Sample: 220521-pcrdxaacbq
- MD5: 32b98782e6c8f83729913bf7eabb4c7b
- SHA1: ee6df23a1421899b5451ae3fe24e8ff1de8a5b65
- SHA256: 200c2c1ad502a7c015d39f513cce255f0eeaaecd1befea68d7cc0d2ba673d524
- SHA512: 1c594c83281ab50f56d566d3e7f9d9d86cc707fa27293f0666839bf3504b9f9c3c42a827130ae184d374f7fc9caaad9a722c3a5ac8dae22207df9ec4d01cabc9

Static task: static1
Behavioral task: behavioral1
- Sample: Payment_PO.exe
- Resource: win7-20220414-en

Malware Config

Targets
- Target: Payment_PO.exe
- Size: 627KB
- MD5: 44a449e8130ba1528b8c87c8c57f1a6e
- SHA1: 3b41b67685d59d48bed981ecf5930852a21e0080
- SHA256: 17f48452ba71f7bbf410015c1eb67099aefb5da9ee9e61aea0ae323ca339bc1a
- SHA512: 0c770a0fde2a85fbfd0b0397a1495187360a5742d8e6e9ec85316a6b4c7821a758319fc91b68c9bf245cb5045a017c695570199d3e151ff81eb1fb8a2ae65f45

- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext