General

Target: a00cac3fbd48c43d65837efee960492c4843e8ae76a2745a35206d59287bb7b7
Size: 949KB
Sample: 220625-lfmncahac6
MD5: 9596164a5d9b017918e8ebec60739069
SHA1: 7ad289bc302be09fcfe3e7846253c584f251d398
SHA256: a00cac3fbd48c43d65837efee960492c4843e8ae76a2745a35206d59287bb7b7
SHA512: 0b2f9001e84f68e65cf53334a8b72644d609c99590dfb5a8155ce1fa4d704f6bcec541e3602a191d9769118864812d8e0ec12f4509f69a89f6142cbff5b11b2e
Static task: static1

Behavioral task: behavioral1
Sample: a00cac3fbd48c43d65837efee960492c4843e8ae76a2745a35206d59287bb7b7.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: a00cac3fbd48c43d65837efee960492c4843e8ae76a2745a35206d59287bb7b7.exe
Resource: win10v2004-20220414-en
Malware Config

Targets

Target: a00cac3fbd48c43d65837efee960492c4843e8ae76a2745a35206d59287bb7b7
Size: 949KB
-
NirSoft MailPassView: password recovery tool for various email clients
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Nirsoft
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can behave differently in, or refuse to run in, particular countries).
Uses the VBS compiler for execution: the Visual Basic .NET compiler vbc.exe is launched, which a process that is not building code has no legitimate reason to do.
Accesses Microsoft Outlook accounts
Adds Run key to start application: persistence through a Windows Run registry key; when cleaning up, remove the key together with the binary it points to.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the request itself looks like ordinary web traffic.
Suspicious use of SetThreadContext: rewriting the register state of a thread in another process is the step of process hollowing that redirects execution into injected code and is rarely seen outside debuggers.
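The signature names above are the output of rules run over the sandbox's behavioural trace. As an added example (this is not the sandbox's own signature code, and the trace is constructed rather than taken from the real run), the following Python reproduces the behavioural signatures in the list as explicit rules over an event log. The event schema, the file paths, the registry location used for the country lookup, the list of IP-lookup hosts and the list of parents that may legitimately spawn vbc.exe are all assumptions. The two NirSoft matches and the bare Nirsoft entry are static string signatures on the binary and are not covered here.

```python
"""Rule set that reproduces the behavioural signatures listed in the report above.

Added example: not the sandbox's own signature code.  The trace below is constructed,
not taken from the real run; the event schema, paths, IP-lookup host list and the
list of legitimate vbc.exe parents are assumptions.
"""
import re
from collections import defaultdict

# --- constructed behavioural trace (assumption: one dict per sandbox event) -------
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a00cac3fbd48c43d65837efee960492c4843e8ae76a2745a35206d59287bb7b7.exe"
DROPPED = r"C:\Users\Admin\AppData\Roaming\svc\update.exe"   # hypothetical dropped file
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

TRACE = [
    {"type": "process_create", "pid": 1400, "ppid": 900, "image": SAMPLE},
    # country lookup; the Geo\Nation value is an assumed location for the check
    {"type": "registry_read", "pid": 1400,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_write", "pid": 1400, "path": DROPPED},
    {"type": "process_create", "pid": 1520, "ppid": 1400, "image": DROPPED},
    {"type": "registry_set", "pid": 1520,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": DROPPED},
    {"type": "process_create", "pid": 1600, "ppid": 1520, "image": VBC},
    {"type": "api_call", "pid": 1520, "name": "SetThreadContext", "target_pid": 1600},
    {"type": "registry_read", "pid": 1600,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676",
     "value": "Email"},
    {"type": "dns_query", "pid": 1600, "name": "checkip.dyndns.org"},
]

# --- rule parameters (assumptions) -----------------------------------------------
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com"}
COMPILER_PARENTS = ("msbuild.exe", "devenv.exe", "csc.exe")  # may legitimately spawn vbc.exe


def evaluate(trace):
    """Map each matched signature name (as worded in the report) to its evidence strings."""
    hits = defaultdict(list)
    written = set()   # files written by any process during the run
    images = {}       # pid -> image path, for parent lookups
    for ev in trace:
        t = ev["type"]
        if t == "file_write":
            written.add(ev["path"].lower())
        elif t == "process_create":
            images[ev["pid"]] = ev["image"]
            img = ev["image"].lower()
            parent = images.get(ev["ppid"], "")
            if img in written:   # stateful: the image was dropped earlier in this run
                hits["Executes dropped EXE"].append(ev["image"])
            if img.endswith("\\vbc.exe") and not parent.lower().endswith(COMPILER_PARENTS):
                hits["Uses the VBS compiler for execution"].append(f"{parent or '?'} -> {ev['image']}")
        elif t == "registry_read":
            if GEO_KEY.search(ev["key"]) and ev["value"].lower() == "nation":
                hits["Checks computer location settings"].append(ev["key"] + "\\" + ev["value"])
            if "\\outlook\\profiles\\" in ev["key"].lower():
                hits["Accesses Microsoft Outlook accounts"].append(ev["key"])
        elif t == "registry_set" and RUN_KEY.search(ev["key"]):
            hits["Adds Run key to start application"].append(f"{ev['value']} = {ev['data']}")
        elif t == "dns_query" and ev["name"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["name"])
        elif (t == "api_call" and ev["name"] == "SetThreadContext"
              and ev.get("target_pid") not in (None, ev["pid"])):
            # context change on a thread of a different process: hollowing, not local use
            hits["Suspicious use of SetThreadContext"].append(
                f"pid {ev['pid']} -> pid {ev['target_pid']}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in evaluate(TRACE).items():
        print(f"{sig}: {'; '.join(evidence)}")
```

The two rules worth noting are the stateful ones: "Executes dropped EXE" only fires when the image being started was written earlier in the same run, and "Suspicious use of SetThreadContext" only fires when the target thread belongs to a different process, which is what separates hollowing from the benign in-process uses of the API. Running the block prints one line per matched signature with its evidence.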