General
-
Target
39f5e7df6b0fc6a9220afb312623c2706fe0b7f5b1aea3f5574b7d24b19555da
-
Size
724KB
-
Sample
220625-h3d3yadae7
-
MD5
e6188647d8005430e9a45ee801cfc2b3
-
SHA1
62fd097427c97be09a793d398eeceddb0b4a0932
-
SHA256
39f5e7df6b0fc6a9220afb312623c2706fe0b7f5b1aea3f5574b7d24b19555da
-
SHA512
1ca782ab8da9cec306e3a8e849a55d589fba9bd661b4a088907b94cbedfa73615d16a7e54a20523a7f917463c42ea317b7b3b0325089bccfd74d1212800d4771
Static task
static1
Behavioral task
behavioral1
Sample
39f5e7df6b0fc6a9220afb312623c2706fe0b7f5b1aea3f5574b7d24b19555da.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
39f5e7df6b0fc6a9220afb312623c2706fe0b7f5b1aea3f5574b7d24b19555da.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
39f5e7df6b0fc6a9220afb312623c2706fe0b7f5b1aea3f5574b7d24b19555da
-
Size
724KB
-
MD5
e6188647d8005430e9a45ee801cfc2b3
-
SHA1
62fd097427c97be09a793d398eeceddb0b4a0932
-
SHA256
39f5e7df6b0fc6a9220afb312623c2706fe0b7f5b1aea3f5574b7d24b19555da
-
SHA512
1ca782ab8da9cec306e3a8e849a55d589fba9bd661b4a088907b94cbedfa73615d16a7e54a20523a7f917463c42ea317b7b3b0325089bccfd74d1212800d4771
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-