General
-
Target
556f0baffda31920d6a03dd11a23e1da6357e529cb8496a0780889f3862f2ff2
-
Size
801KB
-
Sample
220725-th18hsdcg8
-
MD5
2ca6228d7cb36535c19627154e590526
-
SHA1
9b7e98453fcd3b0e16605d32c23bbf1958abecf6
-
SHA256
556f0baffda31920d6a03dd11a23e1da6357e529cb8496a0780889f3862f2ff2
-
SHA512
7a0ee58d856589f06e27400d310fa8f71cbe3bb5c755ce50fd4a8f5bbd15155d9d15e5578aea12355937ab026cb569547d9b48b391a3ec3b9c88b524de2390b0
Static task
static1
Behavioral task
behavioral1
Sample
556f0baffda31920d6a03dd11a23e1da6357e529cb8496a0780889f3862f2ff2.exe
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
556f0baffda31920d6a03dd11a23e1da6357e529cb8496a0780889f3862f2ff2
-
Size
801KB
-
MD5
2ca6228d7cb36535c19627154e590526
-
SHA1
9b7e98453fcd3b0e16605d32c23bbf1958abecf6
-
SHA256
556f0baffda31920d6a03dd11a23e1da6357e529cb8496a0780889f3862f2ff2
-
SHA512
7a0ee58d856589f06e27400d310fa8f71cbe3bb5c755ce50fd4a8f5bbd15155d9d15e5578aea12355937ab026cb569547d9b48b391a3ec3b9c88b524de2390b0
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-