General
- Target: a2a648eab1014219484ef6c41803fed6d35ffb6bc585bd0ad56136f1c5e199f2
- Size: 839KB
- Sample: 220625-lfj78ahac3
- MD5: e6a4c86a07c1a1ee6d19c859a7fbb448
- SHA1: 7feb2ed702d4bdbb747ae09151eef9a6a0e7a2f2
- SHA256: a2a648eab1014219484ef6c41803fed6d35ffb6bc585bd0ad56136f1c5e199f2
- SHA512: c612db2c8cad151b5ec733e3a0ec53386a366800f9a96f4a69465cd0ed640ab31751d0e4b762d59873e0894aefa43a178ed63df87bb02e6fb6f35abefd663bc6
Static task
- static1
Behavioral task
- behavioral1
  - Sample: a2a648eab1014219484ef6c41803fed6d35ffb6bc585bd0ad56136f1c5e199f2.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: a2a648eab1014219484ef6c41803fed6d35ffb6bc585bd0ad56136f1c5e199f2.exe
  - Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: a2a648eab1014219484ef6c41803fed6d35ffb6bc585bd0ad56136f1c5e199f2
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext