General
- Target: a98a8a772db4b4f2d3af1b20b8429ec890185ce2d7f8a6c1897fd528dabd05b2
- Size: 1.0MB
- Sample: 220725-dxrdvschaj
- MD5: a1e871d71f4a904c9eda398b41b9649e
- SHA1: d2215fc0369bddf2e39a1a263e94f2bc255d7702
- SHA256: a98a8a772db4b4f2d3af1b20b8429ec890185ce2d7f8a6c1897fd528dabd05b2
- SHA512: 68e8d6dd8f976a4600d69d99a148a32ff788bdafd818ff16bca78b72a67842e4e84c9dd87aab28416013a92bbc7a634845c4f2fea57d7ee469b5ed06be306501
Static task
- static1
Behavioral task
- behavioral1: a98a8a772db4b4f2d3af1b20b8429ec890185ce2d7f8a6c1897fd528dabd05b2.exe, resource win7-20220715-en
Behavioral task
- behavioral2: a98a8a772db4b4f2d3af1b20b8429ec890185ce2d7f8a6c1897fd528dabd05b2.exe, resource win10v2004-20220721-en
Malware Config
Targets
- Target: a98a8a772db4b4f2d3af1b20b8429ec890185ce2d7f8a6c1897fd528dabd05b2 (the same file as under General; size and hashes are listed there)
Behavioral signatures observed for this target:
- NirSoft MailPassView: password recovery tool for various email clients. A legitimate NirSoft utility that credential stealers commonly bundle to dump saved mail-client passwords; the suspicious part is its presence inside a dropped or embedded payload rather than a user-installed copy.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers. Same pattern, applied to credentials saved by browsers.
- Nirsoft: generic NirSoft tooling detected.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. A sample that geofences may abort or behave differently depending on the configured region, so a run under a default sandbox locale may not show the full payload.
- Uses the VBS compiler for execution: the sample launches the Visual Basic command-line compiler (vbc.exe, a signed Microsoft binary that ships with the .NET Framework). A compiler started by anything other than a build tool is a useful hunting lead on its own.
- Accesses Microsoft Outlook accounts: reads stored Outlook account data, consistent with the credential-theft tooling above.
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run (the report does not state which hive or value name).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP (the service is not named in this report). Stealers typically use this to tag exfiltrated data with the victim's address; connections from unexpected processes to such services are cheap to alert on.
- Suspicious use of SetThreadContext: SetThreadContext called against a thread in another process. Together with the vbc.exe launch above, this matches the usual process-hollowing sequence (start a legitimate process suspended, overwrite its image, reset the thread context, resume), in which case the later behaviour, the Run key and the IP lookup, would run inside vbc.exe rather than the original executable.
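As an added worked example (not part of this report and not the sandbox's own detection code), the following Python re-derives the signatures above from a constructed, sandbox-style event trace and then folds the activity of the hollowed vbc.exe child back onto the process that injected into it, so the whole chain is reported against the original sample. The event shapes, the Geo\Nation and Outlook profile registry paths, the IP-lookup host watchlist and the build-tool parent list are all assumptions made for the illustration.

```python
"""Rule pass over a constructed sandbox-style trace (added example, not report code)."""
import ntpath
from collections import defaultdict

# Constructed trace. pid 100 is the sample, pid 200 its vbc.exe child, pid 300
# a benign vbc.exe under MSBuild that must not fire. Paths are assumed.
TRACE = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "registry_read", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "pid": 100,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    # Parent resets the suspended child's thread context: the hollowing step.
    {"type": "api_call", "pid": 100, "api": "SetThreadContext", "target_pid": 200},
    {"type": "registry_set", "pid": 200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    {"type": "net_connect", "pid": 200, "host": "api.ipify.org", "port": 443},
    {"type": "process_create", "pid": 300, "ppid": 42,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"},
]

# Assumed allow-list of parents that legitimately spawn vbc.exe.
BUILD_TOOL_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
# Assumed watchlist of public IP-lookup services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "ipinfo.io", "icanhazip.com"}


def basename(path):
    return ntpath.basename(path).lower()


def run_rules(trace):
    """Return {pid: sorted signature names} for every pid that fired a rule."""
    hits = defaultdict(set)
    parent_of = {e["pid"]: e["ppid"] for e in trace if e["type"] == "process_create"}
    for e in trace:
        t, pid = e["type"], e["pid"]
        if t == "process_create" and basename(e["image"]) == "vbc.exe" \
                and basename(e["parent_image"]) not in BUILD_TOOL_PARENTS:
            hits[e["ppid"]].add("vbc_spawned_by_non_build_tool")  # credit the spawner
        elif t == "api_call" and e["api"] == "SetThreadContext" and e["target_pid"] != pid:
            if parent_of.get(e["target_pid"]) == pid:  # context reset on own child
                hits[pid].add("setthreadcontext_on_child")
        elif t == "registry_read":
            k = e["key"].lower()
            if k.endswith(r"\control panel\international\geo\nation"):
                hits[pid].add("geo_nation_lookup")
            if "\\outlook\\profiles\\" in k:
                hits[pid].add("outlook_profile_access")
        elif t == "registry_set" and "\\currentversion\\run\\" in e["key"].lower():
            hits[pid].add("run_key_persistence")
        elif t == "net_connect" and e["host"].lower() in IP_LOOKUP_HOSTS:
            hits[pid].add("external_ip_lookup")
    return {pid: sorted(s) for pid, s in hits.items()}


def collapse_hollowed(hits, trace):
    """Fold a hollowed child's hits into the pid that called SetThreadContext on it."""
    injector_of = {e["target_pid"]: e["pid"] for e in trace
                   if e["type"] == "api_call" and e["api"] == "SetThreadContext"
                   and e["target_pid"] != e["pid"]}
    merged = defaultdict(set)
    for pid, names in hits.items():
        merged[injector_of.get(pid, pid)].update(names)
    return {pid: sorted(s) for pid, s in merged.items()}


if __name__ == "__main__":
    raw = run_rules(TRACE)
    for pid, names in sorted(raw.items()):
        print(pid, names)
    print("attributed:", collapse_hollowed(raw, TRACE))
```

The per-pid view shows the Run key and the IP lookup under vbc.exe, which is exactly how they would look in an EDR console; the collapsed view is the one to alert on, since it pins the persistence and the beaconing to the injector rather than to a signed Microsoft binary. The benign MSBuild-spawned vbc.exe produces no hits because the parent allow-list is checked before anything else.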