General
- Target: 368879602c1cbd9aba693fe681b5b3972d033c7ad782c324965f569986ef64aa
- Size: 723KB
- Sample: 220626-cpe57adbep
- MD5: c9a560b2721b47ca68d577115cfa9d14
- SHA1: df85d6c4624325425470ca3f95b18e89598d117d
- SHA256: 368879602c1cbd9aba693fe681b5b3972d033c7ad782c324965f569986ef64aa
- SHA512: 98c1e19d9625bcf4ffe6044a5ea6066708528b15c4546c05d2403385e1a54a9360b609bcb214e400c72d21cd1266f56c1cb33fbe144186dd3bc34e7f40d7441c
Static task: static1
Behavioral task: behavioral1
- Sample: 368879602c1cbd9aba693fe681b5b3972d033c7ad782c324965f569986ef64aa.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 368879602c1cbd9aba693fe681b5b3972d033c7ad782c324965f569986ef64aa.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 368879602c1cbd9aba693fe681b5b3972d033c7ad782c324965f569986ef64aa
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext