General
-
Target
4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42
-
Size
950KB
-
Sample
220720-wm4wbaedfl
-
MD5
72a29aa3364417f3194f8e34fad82668
-
SHA1
cf4940254b4e130addb8b76f6d654bd423fc341c
-
SHA256
4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42
-
SHA512
0f2a2b3d7344325050f8c92b2f6d260971581b722f9a7abb2277f761a3bc70f6300e1f09180f40c48f90a5c9dfd9c6ab87ec43b63bd4efc8b7697cfff41f5d82
Static task
static1
Behavioral task
behavioral1
Sample
4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42.exe
Resource
win10v2004-20220718-en
Malware Config
Targets
-
-
Target
4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42
-
Size
950KB
-
MD5
72a29aa3364417f3194f8e34fad82668
-
SHA1
cf4940254b4e130addb8b76f6d654bd423fc341c
-
SHA256
4e4da37e825b035f8be12be4d37fffcd76b1e93b216c99e0e12d585697dafc42
-
SHA512
0f2a2b3d7344325050f8c92b2f6d260971581b722f9a7abb2277f761a3bc70f6300e1f09180f40c48f90a5c9dfd9c6ab87ec43b63bd4efc8b7697cfff41f5d82
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-