General
-
Target
6933bcecd2c0681ecdbc378b51b97383b95d18df3266d2294727fab93d4e6227
-
Size
1.8MB
-
Sample
220724-sswv4shaal
-
MD5
330849aeb955e4963b40b735b1fffe06
-
SHA1
ef6cce85f0b20c89eaeb14a49e3312102bd7d9a3
-
SHA256
6933bcecd2c0681ecdbc378b51b97383b95d18df3266d2294727fab93d4e6227
-
SHA512
a3e75846091a26bcd441d85111a84353e67de863a670e7254b86b6f51e99ef222c86fab54b8b54ade298bd1a1aaedd7b3e8e933b45c2996a1a81dff9eaa205ae
Static task
static1
Behavioral task
behavioral1
Sample
6933bcecd2c0681ecdbc378b51b97383b95d18df3266d2294727fab93d4e6227.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
6933bcecd2c0681ecdbc378b51b97383b95d18df3266d2294727fab93d4e6227.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
6933bcecd2c0681ecdbc378b51b97383b95d18df3266d2294727fab93d4e6227
-
Size
1.8MB
-
MD5
330849aeb955e4963b40b735b1fffe06
-
SHA1
ef6cce85f0b20c89eaeb14a49e3312102bd7d9a3
-
SHA256
6933bcecd2c0681ecdbc378b51b97383b95d18df3266d2294727fab93d4e6227
-
SHA512
a3e75846091a26bcd441d85111a84353e67de863a670e7254b86b6f51e99ef222c86fab54b8b54ade298bd1a1aaedd7b3e8e933b45c2996a1a81dff9eaa205ae
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-