General
-
Target
0cb7627e7229d363082566f45852613fd1c253132df9db3fe2f9d0fa99fa06f5
-
Size
1.5MB
-
Sample
220724-yhsctsebc3
-
MD5
ca3bb1d2b3d82bd67aad138c7b0c2f9a
-
SHA1
9327b0e9b4a374ab1b3087e301d90aaf0cae8c18
-
SHA256
0cb7627e7229d363082566f45852613fd1c253132df9db3fe2f9d0fa99fa06f5
-
SHA512
8b5424dbf053491f3448dfac3d6c794b76d79edb97093de6e23e37deeccbca4690ba20bee3b5d4f767d32f36746a695b31b2047dea354fa0e850c0cacebb9ea5
Static task
static1
Behavioral task
behavioral1
Sample
0cb7627e7229d363082566f45852613fd1c253132df9db3fe2f9d0fa99fa06f5.exe
Resource
win7-20220718-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-