General
Target: Prisons Image Logger V3.exe
Size: 4.6MB
Sample: 220705-2kqtkafgc5
MD5: b801595020682f928059f7a5576368f7
SHA1: a5638bcf0497a4908860d466cf2a602ea61687af
SHA256: ff3382577340e48ef4863491df18f1969d9d2336e6fee1525b62d664c185d94a
SHA512: 5bb0db22e7d243935d178ef7f7f710c7693089ae840ae65d31f6cb23634ce2ec852fbd076dd9bf75f8b148b66e21a87c82798f95904ee58fdcb44acbc3036d4a
Static task: static1
Behavioral task: behavioral1
Sample: Prisons Image Logger V3.exe
Resource: win7-20220414-en
Malware Config

Targets
Target: Prisons Image Logger V3.exe
Size: 4.6MB
MD5: b801595020682f928059f7a5576368f7
SHA1: a5638bcf0497a4908860d466cf2a602ea61687af
SHA256: ff3382577340e48ef4863491df18f1969d9d2336e6fee1525b62d664c185d94a
SHA512: 5bb0db22e7d243935d178ef7f7f710c7693089ae840ae65d31f6cb23634ce2ec852fbd076dd9bf75f8b148b66e21a87c82798f95904ee58fdcb44acbc3036d4a

Modifies security service
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.