General
-
Target
404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
-
Size
741KB
-
Sample
220708-yyasqahfd8
-
MD5
0565c84b96a8af71f996b2188e88414e
-
SHA1
f8aad0b9f224b8b09a8459819ceb54d7f75ad39e
-
SHA256
404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
-
SHA512
57de3800b036048067dc1c6111270cb25a42c947489cd7f155c7895b5a40d1f89f24743add26ee77e70ebaeb9d190b2c823f572a7927471eaf49a2c890f8f177
Static task
static1
Behavioral task
behavioral1
Sample
404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
404bb69111fd469c21da4fa51543ed0b38ecbe59d7a8e9427c4af42dde37711b
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-