General
Target: 4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482
Size: 556KB
Sample: 220701-f6rgbsfgb4
MD5: e3638516b609eed8bfa8e5732e5eebba
SHA1: 12c752d26dab93e1b10f81cca4c7bb5d45c7b654
SHA256: 4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482
SHA512: ef60515898834800b2b281bb3484591125c4e5f91487dd8e5f1c2e07226d64cb0739448d9a53f68a3e42ab5498cf721e4e55b0702135657f5d9974158d746984
Static task: static1
Behavioral task: behavioral1
Sample: 4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482.exe
Resource: win7-20220414-en
Malware Config
Targets
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-