General
Target: 76cda3c8048337d1b0bfc9f4be2b3b9777e1a8c93a48f7e10b375d8f9f764b40
Size: 821KB
Sample: 220625-jz58paefc3
MD5: 9bef27da4a740c8f13291f3d86754483
SHA1: 1974ded2715bc36a9fcae1a233899a83fb353aa1
SHA256: 76cda3c8048337d1b0bfc9f4be2b3b9777e1a8c93a48f7e10b375d8f9f764b40
SHA512: 43326f38aa274c6857c92cbdb8aeb28acdae511633c43b3d7f5f1b80572879e2e489b166ce77991e602124cf35f338fa263fdd2b63f3d2956a41a598056c2ae9
Static task: static1
Behavioral task: behavioral1
Sample: 76cda3c8048337d1b0bfc9f4be2b3b9777e1a8c93a48f7e10b375d8f9f764b40.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 76cda3c8048337d1b0bfc9f4be2b3b9777e1a8c93a48f7e10b375d8f9f764b40
Size: 821KB
MD5: 9bef27da4a740c8f13291f3d86754483
SHA1: 1974ded2715bc36a9fcae1a233899a83fb353aa1
SHA256: 76cda3c8048337d1b0bfc9f4be2b3b9777e1a8c93a48f7e10b375d8f9f764b40
SHA512: 43326f38aa274c6857c92cbdb8aeb28acdae511633c43b3d7f5f1b80572879e2e489b166ce77991e602124cf35f338fa263fdd2b63f3d2956a41a598056c2ae9
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext