General
-
Target
4e3de3da36391dedb0f86a255ddcf74edc94b2363cbf4ff1fa22c5f8f45636cc
-
Size
689KB
-
Sample
220720-wvzassegdp
-
MD5
6c85faa32d34646e1d77df136d2b92cc
-
SHA1
323f197579f40381fffa6a3ac1b462563def8e68
-
SHA256
4e3de3da36391dedb0f86a255ddcf74edc94b2363cbf4ff1fa22c5f8f45636cc
-
SHA512
161a7c452ee9915cd6f7c51b70466762bfe65125b6a14103e785c66f8c6a2cbe2935885353a71eddbc4f7e74bb1a5a9945f0f670cde1a2e6ec8199e9478fa172
Static task
static1
Behavioral task
behavioral1
Sample
4e3de3da36391dedb0f86a255ddcf74edc94b2363cbf4ff1fa22c5f8f45636cc.exe
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
4e3de3da36391dedb0f86a255ddcf74edc94b2363cbf4ff1fa22c5f8f45636cc
-
Size
689KB
-
MD5
6c85faa32d34646e1d77df136d2b92cc
-
SHA1
323f197579f40381fffa6a3ac1b462563def8e68
-
SHA256
4e3de3da36391dedb0f86a255ddcf74edc94b2363cbf4ff1fa22c5f8f45636cc
-
SHA512
161a7c452ee9915cd6f7c51b70466762bfe65125b6a14103e785c66f8c6a2cbe2935885353a71eddbc4f7e74bb1a5a9945f0f670cde1a2e6ec8199e9478fa172
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-