General

  • Target

    3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681

  • Size

    534KB

  • Sample

    220625-eezsysdahq

  • MD5

    505932cec770e1c21616d9076355fb40

  • SHA1

    4f9cfd1b541a6684d3eea104382312aab7d1f541

  • SHA256

    3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681

  • SHA512

    c7c0668780d6971a47c68272efc1d2b54e0f19b6b33e5db15293c4cc2d0cbc7518c1ab362544055f92b963b1db75a6ef6f5b41d3f1857d658d75022cd63dcbd3

Score
9/10

Malware Config

Targets

    • Target

      3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681

    • Size

      534KB

    • MD5

      505932cec770e1c21616d9076355fb40

    • SHA1

      4f9cfd1b541a6684d3eea104382312aab7d1f541

    • SHA256

      3a6f8cddd7f1169d55311be1034127b00d51b68bb796a7ce0ddfe7f2975c1681

    • SHA512

      c7c0668780d6971a47c68272efc1d2b54e0f19b6b33e5db15293c4cc2d0cbc7518c1ab362544055f92b963b1db75a6ef6f5b41d3f1857d658d75022cd63dcbd3

    Score
    9/10
    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks