General
Target: 2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7
Size: 777KB
Sample: 220621-3xh5xshhe4
MD5: 945b5b1d0b633bc4617e344613bd3f73
SHA1: 7cbca5c913ec0cd21931991345a6fe5dcf730d38
SHA256: 2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7
SHA512: f8393382e64ded2dddf8c8fb0ea022b47648f8c81253f434b94098ab9af742f62dcced34743b3ff165df1495c366ca60409a3d3c4e46c6fca728cda55e98f989
Static task: static1
Behavioral task: behavioral1
Sample: 2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7.exe
Resource: win7-20220414-en
Malware Config

Targets
Target: 2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7
Size: 777KB
MD5: 945b5b1d0b633bc4617e344613bd3f73
SHA1: 7cbca5c913ec0cd21931991345a6fe5dcf730d38
SHA256: 2f1a1d057798c30d3302a9be7cdedb37a1d8a848af2bd94c82a20b5346f38cb7
SHA512: f8393382e64ded2dddf8c8fb0ea022b47648f8c81253f434b94098ab9af742f62dcced34743b3ff165df1495c366ca60409a3d3c4e46c6fca728cda55e98f989
- NirSoft MailPassView: password recovery tool for various email clients. This fires on the NirSoft recovery code embedded in the sample; credential stealers commonly bundle these legitimate utilities to dump saved passwords.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers. Same caveat as above: the match is on embedded NirSoft tooling, not proof that the sample is the NirSoft utility itself.
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample may refuse to run in certain countries, so results from a sandbox in a different locale can differ).
- Uses the VBS compiler for execution: vbc.exe, the .NET Visual Basic compiler, is a signed Microsoft binary frequently chosen as a host process for injected payloads.
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The lookup host is a usable network indicator only in combination with the other behaviour, since legitimate software queries the same services.
- Suspicious use of SetThreadContext: rewriting a thread context in another process is the hallmark of process hollowing or thread hijacking; taken together with the suspended vbc.exe launch it indicates the stealer runs from inside a legitimate-looking process.
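The behaviour combination these signatures describe, as an added detection example that is not part of this report or of the sandbox's own signature code: a small detector replays constructed process, API, registry and DNS events and raises the same signature names. The event shape, the Geo\Nation registry key, the IP-lookup host list and the build-tool allow-list are assumptions made for the example; real telemetry (Sysmon, ETW, a sandbox API log) would need a thin adapter to this shape.

```python
"""Replay constructed endpoint telemetry and raise report-style signatures.

Added example; not code from the sandbox or from the analysed sample.
"""
from dataclasses import dataclass

# CreateProcess dwCreationFlags value for CREATE_SUSPENDED (Win32).
CREATE_SUSPENDED = 0x00000004

# Registry value holding the configured country code (GeoID). Assumed to be
# what "Checks computer location settings" refers to.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"

# Hypothetical IP-lookup hosts; the report does not name the service used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}

# Assumed allow-list: parents for which spawning vbc.exe is expected.
BUILD_HOSTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


@dataclass(frozen=True)
class Finding:
    signature: str   # name as it would appear in the report
    pid: int         # process the finding is attributed to
    detail: str


def analyse(events):
    """Replay events in order and return the findings they trigger."""
    findings = []
    processes = {}   # pid -> lower-cased image path
    suspended = {}   # child pid -> parent pid, for CREATE_SUSPENDED children
    hollowed = set() # children whose thread context another process rewrote
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            image = ev["image"].lower()
            processes[ev["pid"]] = image
            if ev["flags"] & CREATE_SUSPENDED:
                suspended[ev["pid"]] = ev["ppid"]
            parent_base = processes.get(ev["ppid"], "").rsplit("\\", 1)[-1]
            if image.endswith("\\vbc.exe") and parent_base not in BUILD_HOSTS:
                state = "suspended" if ev["pid"] in suspended else "running"
                findings.append(Finding(
                    "Uses the VBS compiler for execution", ev["ppid"],
                    f"spawned vbc.exe as pid {ev['pid']} ({state})"))
        elif kind == "api_call" and ev["api"] == "SetThreadContext":
            target = ev["target_pid"]
            # Rewriting a thread context in a different, still-suspended
            # process is the process-hollowing / thread-hijack pattern.
            if target != ev["pid"] and target in suspended:
                hollowed.add(target)
                findings.append(Finding(
                    "Suspicious use of SetThreadContext", ev["pid"],
                    f"set thread context of pid {target} ({processes.get(target, '?')})"))
        elif kind == "registry_read" and ev["key"].lower() == GEO_NATION_KEY.lower():
            findings.append(Finding(
                "Checks computer location settings", ev["pid"],
                "read Geo\\Nation country code, likely geofence"))
        elif kind == "dns_query" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            origin = "from hollowed process" if ev["pid"] in hollowed else "direct"
            findings.append(Finding(
                "Looks up external IP address via web service", ev["pid"],
                f"{ev['host']} ({origin})"))
    return findings


def signatures(events):
    """Ordered, de-duplicated signature names, the way a report lists them."""
    names = []
    for f in analyse(events):
        if f.signature not in names:
            names.append(f.signature)
    return names


# Constructed event stream (not taken from the report) consistent with its signatures.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Users\user\Desktop\sample.exe", "flags": 0},
    {"type": "registry_read", "pid": 100, "key": GEO_NATION_KEY},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "flags": CREATE_SUSPENDED},
    {"type": "api_call", "pid": 100, "api": "SetThreadContext", "target_pid": 200},
    {"type": "api_call", "pid": 100, "api": "ResumeThread", "target_pid": 200},
    {"type": "dns_query", "pid": 200, "host": "api.ipify.org"},
]

# Constructed control: a build tool compiling VB normally, no suspension, no
# cross-process context rewrite. Must produce no findings.
BENIGN_EVENTS = [
    {"type": "process_create", "pid": 300, "ppid": 1,
     "image": r"C:\Program Files\dotnet\MSBuild.exe", "flags": 0},
    {"type": "process_create", "pid": 301, "ppid": 300,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "flags": 0},
    {"type": "api_call", "pid": 301, "api": "SetThreadContext", "target_pid": 301},
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[pid {f.pid}] {f.signature}: {f.detail}")
    print("benign control:", signatures(BENIGN_EVENTS))
```

The detector deliberately keys "Suspicious use of SetThreadContext" on a cross-process call against a child created suspended, and attributes the later IP lookup to the hollowed child; that chain, rather than any single event, is what separates the stealer pattern from a build tool that also runs vbc.exe.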