General
-
Target
8695c13af783ae8e8f5edcd9a00dd9f6fb7463fa0169c4e68912efc7ccb6ede1
-
Size
1MB
-
Sample
220725-dhgk4scbfl
-
MD5
e76d372009da47459141bdc877cb4c85
-
SHA1
0b912ee31f2ab77412552c47e59318e3666961ba
-
SHA256
8695c13af783ae8e8f5edcd9a00dd9f6fb7463fa0169c4e68912efc7ccb6ede1
-
SHA512
ae91322e94faf995ce9f457e4f6ce418888f547b980712bb81e93ee3169a8f6f5e7a87da7bc95ba54460cad537aef8bf78e1a113a99be99da3b16a9ca4f52273
Behavioral task
behavioral1
Sample
8695c13af783ae8e8f5edcd9a00dd9f6fb7463fa0169c4e68912efc7ccb6ede1.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
8695c13af783ae8e8f5edcd9a00dd9f6fb7463fa0169c4e68912efc7ccb6ede1.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
8695c13af783ae8e8f5edcd9a00dd9f6fb7463fa0169c4e68912efc7ccb6ede1
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-