3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681 | Triage

Submit
Reports

Overview

overview

9

Static

static

3a6f8cddd7...81.exe

windows7_x64

9

3a6f8cddd7...81.exe

windows10-2004_x64

9

Sharing

General

Target

3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
Size

534KB
Sample

220625-eezsysdahq
MD5

505932cec770e1c21616d9076355fb40
SHA1

4f9cfd1b541a6684d3eea104382312aab7d1f541
SHA256

3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
SHA512

c7c0668780d6971a47c68272efc1d2b54e0f19b6b33e5db15293c4cc2d0cbc7518c1ab362544055f92b963b1db75a6ef6f5b41d3f1857d658d75022cd63dcbd3

Score

9^/10

collection

Static task

static1

Behavioral task

behavioral1

Sample

3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
- Size
  
  534KB
- MD5
  
  505932cec770e1c21616d9076355fb40
- SHA1
  
  4f9cfd1b541a6684d3eea104382312aab7d1f541
- SHA256
  
  3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681
- SHA512
  
  c7c0668780d6971a47c68272efc1d2b54e0f19b6b33e5db15293c4cc2d0cbc7518c1ab362544055f92b963b1db75a6ef6f5b41d3f1857d658d75022cd63dcbd3
Score

9^/10

collection
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy