General
Target: d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
Size: 728KB
Sample: 220724-2h9hwsbad3
MD5: b31b2fd4a9b34a8444a05aa43c7869f6
SHA1: 2916e092aebc7070d69f5f698c38e0e88bb651cb
SHA256: d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
SHA512: fca7c2b6079304f69c9d961983c0444d008d21b71d57f81b480032d8ce50c9c349b704d7c391a8d46c885d544b1b7cf53043c4a2e2b9debf8d2c7fe74f7e88a7
Static task: static1
Behavioral task: behavioral1
Sample: d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb.exe
Resource: win7-20220718-en
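Before the file is handed to an analysis VM it is worth confirming that the download really is the sample described above, since a truncated or substituted file produces a meaningless detonation. The script below is an added example, not part of this report or of the sandbox's own tooling: it recomputes the four digests the report lists, reports which of them disagree, and checks that the behavioral task's sample name is the SHA256 plus ".exe", as it is in this report. The expected digests are copied from the General section; the command-line usage at the bottom is an assumed convenience.

```python
"""Verify a downloaded sample against the digests in a sandbox report.

Added example for this page, not code from the report or the sandbox.
"""
import hashlib
import sys
from typing import Dict, List

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Expected digests copied from the report's General section.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "b31b2fd4a9b34a8444a05aa43c7869f6",
    "sha1": "2916e092aebc7070d69f5f698c38e0e88bb651cb",
    "sha256": "d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb",
    "sha512": "fca7c2b6079304f69c9d961983c0444d008d21b71d57f81b480032d8ce50c9c3"
              "49b704d7c391a8d46c885d544b1b7cf53043c4a2e2b9debf8d2c7fe74f7e88a7",
}

CHUNK = 1 << 20  # stream 1 MiB at a time so large samples are not loaded whole


def _new_hashers() -> Dict[str, "hashlib._Hash"]:
    return {name: hashlib.new(name) for name in ALGORITHMS}


def compute_digests(data: bytes) -> Dict[str, str]:
    """Hash an in-memory byte string with every algorithm the report lists."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_file_digests(path: str) -> Dict[str, str]:
    """Same as compute_digests, but streams a file from disk in one pass."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Names of algorithms whose digests differ (hex compared case-insensitively).

    Every listed algorithm is checked rather than stopping at the first one:
    a genuine copy of the file never changes only one digest, so a partial
    mismatch points at a typo in the report or the expected values.
    """
    return [name for name, want in expected.items()
            if actual.get(name, "").lower() != want.lower()]


def name_matches_sha256(sample_name: str, digests: Dict[str, str]) -> bool:
    """The behavioral task names the sample '<sha256>.exe'; confirm that."""
    stem = sample_name.rsplit(".", 1)[0]
    return stem.lower() == digests["sha256"].lower()


def verify(data: bytes, expected: Dict[str, str] = REPORT_DIGESTS) -> bool:
    """True when all expected digests match the given bytes."""
    return not mismatches(compute_digests(data), expected)


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py <path-to-downloaded-sample>
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    got = compute_file_digests(sys.argv[1])
    bad = mismatches(got, REPORT_DIGESTS)
    for name in ALGORITHMS:
        print(f"{name:6} {got[name]}  {'MISMATCH' if name in bad else 'ok'}")
    sys.exit(1 if bad else 0)
```

Exit status 1 on any mismatch makes the script usable as a gate in a triage pipeline; the per-algorithm output is there so a single bad line (usually a copy-paste error in the expected value) is distinguishable from a wholly different file.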
Malware Config
Targets
Target: d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
Size: 728KB
MD5: b31b2fd4a9b34a8444a05aa43c7869f6
SHA1: 2916e092aebc7070d69f5f698c38e0e88bb651cb
SHA256: d739bdb54c88b5b4165d9f20c687dcd178061dc76efcb92a8c349c2cf2daa7cb
SHA512: fca7c2b6079304f69c9d961983c0444d008d21b71d57f81b480032d8ce50c9c349b704d7c391a8d46c885d544b1b7cf53043c4a2e2b9debf8d2c7fe74f7e88a7
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Executes dropped EXE
Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
Deletes itself
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger: Setting ThreadHideFromDebugger stops the thread from delivering debug events, a common anti-debugging technique.
Suspicious use of SetThreadContext: Rewriting another thread's register context is commonly used to redirect execution during process injection.