General
-
Target
90532734349599a2c6af93b1683645bfb0ee3a875e38d848b6429635a9a404d9
-
Size
1.7MB
-
Sample
220625-cz6qwsdaf9
-
MD5
7eb3242f494033c65654da082a99f276
-
SHA1
1a1b5cb7ffdd1e4e7d4b5f8e1acfd67e81c6f55d
-
SHA256
90532734349599a2c6af93b1683645bfb0ee3a875e38d848b6429635a9a404d9
-
SHA512
0de1f2db1c822df5e9ddcbc6cffd64c6c7332a8ed70167a878eb8ef9624d27c19542f543e51a7b68308b69af4f025dc65c32341c151990059916f67c0b0f971c
Static task
static1
Behavioral task
behavioral1
Sample
90532734349599a2c6af93b1683645bfb0ee3a875e38d848b6429635a9a404d9.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
90532734349599a2c6af93b1683645bfb0ee3a875e38d848b6429635a9a404d9.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
90532734349599a2c6af93b1683645bfb0ee3a875e38d848b6429635a9a404d9
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-