General
- Target: 4019cf915b12ba8d38bd33dbdb3228ddc3ac00371030e97252b5b57e577ec719
- Size: 601KB
- Sample: 220708-z8th9acac3
- MD5: 7a11a841efd305aebc3deb095d1b7403
- SHA1: 43dd663fceeb3ec582700aa3f28911c6234d0899
- SHA256: 4019cf915b12ba8d38bd33dbdb3228ddc3ac00371030e97252b5b57e577ec719
- SHA512: f32b531221114be35f51846b67b96118f589859b1aa4624dabb25f2896408a7961b1587893ae2f0dc7d5701f02d745bc0670f1d30f2d46e9557592aa4e588ce2
Static task: static1
Behavioral task: behavioral1
- Sample: 4019cf915b12ba8d38bd33dbdb3228ddc3ac00371030e97252b5b57e577ec719.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 4019cf915b12ba8d38bd33dbdb3228ddc3ac00371030e97252b5b57e577ec719.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 4019cf915b12ba8d38bd33dbdb3228ddc3ac00371030e97252b5b57e577ec719
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext