General
- Target: c765cec38c79b052050a79ae59b19196d3a5b3fa09466c3361ddaca6b889ffcf
- Size: 701KB
- Sample: 220724-rv298sfgfl
- MD5: 39aa8bf870195a6d7904aa41c547314e
- SHA1: 3153abbf1143330021c11ba40cc6b238fbd7e6a6
- SHA256: c765cec38c79b052050a79ae59b19196d3a5b3fa09466c3361ddaca6b889ffcf
- SHA512: eab5118ea43336584a7156314c70ea9c9232f13991b2796186ef0df954ab343cd345b4106c4949e26c71561d9c168f7a591b2c8a043d49efa758316f25cdcf46

Static task: static1

Behavioral task: behavioral1
- Sample: c765cec38c79b052050a79ae59b19196d3a5b3fa09466c3361ddaca6b889ffcf.exe
- Resource: win7-20220718-en

Behavioral task: behavioral2
- Sample: c765cec38c79b052050a79ae59b19196d3a5b3fa09466c3361ddaca6b889ffcf.exe
- Resource: win10v2004-20220721-en
Malware Config

Targets
- Target: c765cec38c79b052050a79ae59b19196d3a5b3fa09466c3361ddaca6b889ffcf
  (701KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
  - NirSoft MailPassView: password recovery tool for various email clients
  - NirSoft WebBrowserPassView: password recovery tool for various web browsers
  - Nirsoft
  - Executes dropped EXE
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence
  - Deletes itself
  - Loads dropped DLL
  - Uses the VBS compiler for execution
  - Accesses Microsoft Outlook accounts
  - Adds Run key to start application
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
  - Suspicious use of SetThreadContext
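As an added example (not part of this report and not the sandbox's own signature code), the following Python matcher re-derives most of the behavioural signatures listed above from constructed sandbox-style event lines, so the reader can see what each signature actually keys on. Everything not taken from the report is an assumption made for the demo: the event line format, the directory the sample runs from, the dropped file names, the Run key value name, the registry key used for the location check (Control Panel\International\Geo\Nation), the list of IP-lookup hosts, and the reading that the "VBS compiler" signature fires on vbc.exe being launched.

```python
# Added example: re-deriving sandbox behavioural signatures from constructed
# event lines. Not the report's or the sandbox's code; all paths, key names
# and hostnames below are assumptions chosen for the demo.
import re
from collections import defaultdict

# The sample's file name comes from the report; the directory is assumed.
SAMPLE_PATH = (
    r"C:\Users\user\Desktop\c765cec38c79b052050a79ae59b19196d3a5b3fa09466c3361ddaca6b889ffcf.exe"
)

# Constructed event log. Assumed format: "<pid> <event_type> <detail>", where
# <pid> is the process performing the action and executable paths contain no spaces.
SAMPLE_EVENTS = rf"""
1234 reg_query HKCU\Control Panel\International\Geo\Nation
1234 file_write C:\Users\user\AppData\Roaming\winupd.exe
1234 file_write C:\Users\user\AppData\Roaming\helper.dll
1234 process_create C:\Users\user\AppData\Roaming\winupd.exe
4321 image_load C:\Users\user\AppData\Roaming\helper.dll
4321 reg_set HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate
4321 process_create C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
4321 api_call SetThreadContext
5555 dns_query api.ipify.org
1234 file_delete {SAMPLE_PATH}
"""

EVENT_RE = re.compile(r"^(\d+)\s+(\S+)\s+(.+)$")

# Hosts treated as public IP lookup services (assumed list for the demo).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}
# Registry key the location check reads (assumed), compared lower-cased.
GEO_KEY = "hkcu\\control panel\\international\\geo\\nation"
# Substring identifying a value under the per-user or per-machine Run key.
RUN_KEY_MARK = "\\currentversion\\run\\"


def parse_events(text):
    """Parse '<pid> <type> <detail>' lines into (pid, type, detail) tuples."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3)))
    return events


def match_signatures(events, sample_path):
    """Return {signature_name: sorted list of pids} for behaviours seen in events."""
    hits = defaultdict(set)
    dropped = set()  # lower-cased paths of files written to disk during the run
    sample = sample_path.lower()
    for pid, kind, detail in events:
        d = detail.lower()
        if kind == "file_write":
            dropped.add(d)
        elif kind == "process_create":
            image = d.split(" ", 1)[0]
            # A launched image that this run itself wrote to disk.
            if image in dropped and image.endswith(".exe"):
                hits["Executes dropped EXE"].add(pid)
            # vbc.exe is the compiler the "VBS compiler" signature is assumed to key on.
            if image.endswith("\\vbc.exe"):
                hits["Uses the VBS compiler for execution"].add(pid)
        elif kind == "image_load" and d in dropped and d.endswith(".dll"):
            hits["Loads dropped DLL"].add(pid)
        elif kind == "reg_query" and d == GEO_KEY:
            hits["Checks computer location settings"].add(pid)
        elif kind == "reg_set" and RUN_KEY_MARK in d:
            hits["Adds Run key to start application"].add(pid)
        elif kind == "api_call" and d == "setthreadcontext":
            hits["Suspicious use of SetThreadContext"].add(pid)
        elif kind == "dns_query" and d in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].add(pid)
        elif kind == "file_delete" and d == sample:
            # The submitted sample's own image is removed during the run.
            hits["Deletes itself"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in sorted(match_signatures(parse_events(SAMPLE_EVENTS), SAMPLE_PATH).items()):
        print(f"{name}: pids {pids}")
```

The matcher deliberately keys the Run-key check on the trailing `\Run\` segment so that a RunOnce value does not fire the same signature, and it only credits "Executes dropped EXE" and "Loads dropped DLL" for files the run itself wrote, which is the distinction that separates these signatures from ordinary process and module activity.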