General
Target: 41f2155e62b44196ec22474d98a49b032abe14815b96b5908dd904b6e671ef63
Size: 741KB
Sample: 220708-epaltagfhj
MD5: 7090812878b49691bd22b69fc663e367
SHA1: 19a8471c514218b032263615a22c16788503d29a
SHA256: 41f2155e62b44196ec22474d98a49b032abe14815b96b5908dd904b6e671ef63
SHA512: d992c569978ee82f592240f7d1d028ac3fe1fac3c8da22fb4462121201c640921fbc5d460bd6b75d840acebed91b60249db2d38ccfac343dafc64c8240cb8d57
Static task: static1
Behavioral task: behavioral1
Sample: 41f2155e62b44196ec22474d98a49b032abe14815b96b5908dd904b6e671ef63.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 41f2155e62b44196ec22474d98a49b032abe14815b96b5908dd904b6e671ef63
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext