General
-
Target
3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
-
Size
534KB
-
Sample
220625-eezsysdahq
-
MD5
505932cec770e1c21616d9076355fb40
-
SHA1
4f9cfd1b541a6684d3eea104382312aab7d1f541
-
SHA256
3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
-
SHA512
c7c0668780d6971a47c68272efc1d2b54e0f19b6b33e5db15293c4cc2d0cbc7518c1ab362544055f92b963b1db75a6ef6f5b41d3f1857d658d75022cd63dcbd3
Malware Config
Targets
-
-
Target
3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
-
Size
534KB
-
MD5
505932cec770e1c21616d9076355fb40
-
SHA1
4f9cfd1b541a6684d3eea104382312aab7d1f541
-
SHA256
3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
-
SHA512
c7c0668780d6971a47c68272efc1d2b54e0f19b6b33e5db15293c4cc2d0cbc7518c1ab362544055f92b963b1db75a6ef6f5b41d3f1857d658d75022cd63dcbd3
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-