General
Target: 6262bcfae7b85c6ad43b2d8cec89f6b9a5b09c2e903c9316f33a7e6a5cdadb0f
Size: 1.0MB
Sample: 220625-j3tdasege3
MD5: fdd2d4cb27f4542ac7467c432d46b9ae
SHA1: 6798ffbb650b453c091bb787075eb2a1bfd99c26
SHA256: 6262bcfae7b85c6ad43b2d8cec89f6b9a5b09c2e903c9316f33a7e6a5cdadb0f
SHA512: 7d67a431ff1e69f67d61928ab79bd5d09f0a991c589070fea395f97b7aa7c50e0241f4b627c87d294e23fa152ee204ce240781ce6ba82919345c3fde61be7a46
Static task: static1
Behavioral task: behavioral1
Sample: 6262bcfae7b85c6ad43b2d8cec89f6b9a5b09c2e903c9316f33a7e6a5cdadb0f.rtf
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 6262bcfae7b85c6ad43b2d8cec89f6b9a5b09c2e903c9316f33a7e6a5cdadb0f.rtf
Resource: win10v2004-20220414-en
Malware Config
Targets
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Process spawned suspicious child process: This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Suspicious use of SetThreadContext