General
-
Target
2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
-
Size
825KB
-
Sample
220621-y79y6sfad4
-
MD5
91a939ac483d6fc201bce7807ec673d3
-
SHA1
bd8ba0259c9f69636ac5ff284547232e01dbd888
-
SHA256
2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
-
SHA512
41f7e94fce592a1a2e2b0e36d04d6cdbb0c19b7ebc6538cebd254ae4baf06e2e52655d8c474b8fb785273d40e8d08e4673c1152f6dfd2da8d62e86c89e743de5
Static task
static1
Behavioral task
behavioral1
Sample
2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
-
Size
825KB
-
MD5
91a939ac483d6fc201bce7807ec673d3
-
SHA1
bd8ba0259c9f69636ac5ff284547232e01dbd888
-
SHA256
2f79996a4e3c810984fdfeb1df611ff3a1b3d6e983fee3111eff8f84f1f60c86
-
SHA512
41f7e94fce592a1a2e2b0e36d04d6cdbb0c19b7ebc6538cebd254ae4baf06e2e52655d8c474b8fb785273d40e8d08e4673c1152f6dfd2da8d62e86c89e743de5
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-