General
Target: 55397598501af363b49f8ebb09b5328357ea4bb1522ae5fa26384ddecae58019
Size: 741KB
Sample: 220725-t6zplaeeg3
MD5: 7563f26bececeda03204733e06cc06c3
SHA1: 54e5f16147df489a2f1fd7a02cc496a5c334697c
SHA256: 55397598501af363b49f8ebb09b5328357ea4bb1522ae5fa26384ddecae58019
SHA512: bf42b6ce06b5d1ad7ced233e838a264fb1d31914627b294a036d6d9346e76fd48d34dbf03e562c9b951d772e806e94c62dbef4743313fa226eddbc316f8ece7b
Static task: static1
Behavioral task: behavioral1
Sample: 55397598501af363b49f8ebb09b5328357ea4bb1522ae5fa26384ddecae58019.exe
Resource: win7-20220715-en
Malware Config
Targets
Target: 55397598501af363b49f8ebb09b5328357ea4bb1522ae5fa26384ddecae58019
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext