General
Target: Payment Advice - Advice Ref[GLV404865688] Pr.exe
Size: 801KB
Sample: 220725-gvwscaaafk
MD5: 48d20d1c2a35604525157b95b44f4d3c
SHA1: 2c8f02b4a0530457cbc633445bf9d11b8f12b81b
SHA256: 9433ec5758b48a6193b6b80ac03df0acf553d2ebeba04d84b6dbec9558a6e035
SHA512: 38f2cd76936ba2ff76df0097b574ce7d6847965d5fccf16eae2ddbb7b097b05fe9db20b280d876041d0c48c92e176fbed6624a12f1d7e014401f2d17cc2b3d61
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice - Advice Ref[GLV404865688] Pr.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: Payment Advice - Advice Ref[GLV404865688] Pr.exe
Resource: win10v2004-20220722-en
Malware Config
Targets
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- suricata: ET MALWARE Remcos 3.x Unencrypted Checkin
- suricata: ET MALWARE Remcos 3.x Unencrypted Server Response
- ModiLoader Second Stage
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext