General
- Target: 472850f10a31b73507eff393a85df997b3a154bdbca8a4b4da5b2b86d34b7f2d
- Size: 917KB
- Sample: 220714-jeq82acfdl
- MD5: 3035f93f329aa869a91015f30981e6e5
- SHA1: d916f5ac85851ec9880cb4262b6fd8884a1ffc28
- SHA256: 472850f10a31b73507eff393a85df997b3a154bdbca8a4b4da5b2b86d34b7f2d
- SHA512: 732dbeb4a27e07a8b4029a960ff5d6488741f83046c0ac0378bde23d21cf5a61305249be270511ff2ce1fbb543efd611ee8b9e1fcc29e18fdc55c4653cdef6fc
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 472850f10a31b73507eff393a85df997b3a154bdbca8a4b4da5b2b86d34b7f2d.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: 472850f10a31b73507eff393a85df997b3a154bdbca8a4b4da5b2b86d34b7f2d.exe
  - Resource: win10v2004-20220414-en
Malware Config

Targets
- Target: 472850f10a31b73507eff393a85df997b3a154bdbca8a4b4da5b2b86d34b7f2d
- Size: 917KB
- MD5: 3035f93f329aa869a91015f30981e6e5
- SHA1: d916f5ac85851ec9880cb4262b6fd8884a1ffc28
- SHA256: 472850f10a31b73507eff393a85df997b3a154bdbca8a4b4da5b2b86d34b7f2d
- SHA512: 732dbeb4a27e07a8b4029a960ff5d6488741f83046c0ac0378bde23d21cf5a61305249be270511ff2ce1fbb543efd611ee8b9e1fcc29e18fdc55c4653cdef6fc
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext