General
Target: f9101503ea60a51ed3b8a8ac0281a28dda3aa268ed2ce37621492c1cd98144f1
Size: 1.6MB
Sample: 220701-d98hxaafcp
MD5: c0667a36058e6659ea95f3f6250d8888
SHA1: 39c3f6d43bd64566e06c9c2f35dbc9ccbb4a33db
SHA256: f9101503ea60a51ed3b8a8ac0281a28dda3aa268ed2ce37621492c1cd98144f1
SHA512: a9a59e1487b8958d582f7c7e049ad7874329d2a9844797487f44f128a2247a67df1e86d5d1b7feadfe3af2df3a00927d0607126f378481eccb57f01509112062
Static task: static1
Behavioral task: behavioral1
Sample: f9101503ea60a51ed3b8a8ac0281a28dda3aa268ed2ce37621492c1cd98144f1.exe
Resource: win7-20220414-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext