General
- Target: 4f6c7376d1d8f4a053cd1012979a89234754a83176949bea931ca5772ff720c3
- Size: 958KB
- Sample: 220720-cjsjbsadc2
- MD5: ad5dc6ea0f64a5a16fe225a011c2a023
- SHA1: ccaa2ede5a16f03cf7982250d934c521c08042c4
- SHA256: 4f6c7376d1d8f4a053cd1012979a89234754a83176949bea931ca5772ff720c3
- SHA512: b2c35f8e6b05bc2636136a045d75aebbc1fe3940caec3c73f4c06e6db9a6e3d099943d95edf7223e1045b8a990cff7499200241157f192d0cd1d7a98dcb22109
Static task: static1
Behavioral task: behavioral1
- Sample: 4f6c7376d1d8f4a053cd1012979a89234754a83176949bea931ca5772ff720c3.exe
- Resource: win7-20220718-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext