General
-
Target
549eff7aa00eb51802988e887308d41e895d287e950c1744eafb1ecc587c0d75
-
Size
608KB
-
Sample
220725-xdv3gsefaq
-
MD5
41ef837433847acf45cee2c98b32afb4
-
SHA1
538892e2ee5b53da1ec8410889aec16f7cba98be
-
SHA256
549eff7aa00eb51802988e887308d41e895d287e950c1744eafb1ecc587c0d75
-
SHA512
c01904daec1f8ca4114e3ed6daddbe45a891ec3f88568bc875dd6c85a910b20749262f31eb8ffb910e25947e06499d808c8c5a674ef5e5989260949e84c2509b
Malware Config
Targets
-
-
Target
549eff7aa00eb51802988e887308d41e895d287e950c1744eafb1ecc587c0d75
-
Size
608KB
-
MD5
41ef837433847acf45cee2c98b32afb4
-
SHA1
538892e2ee5b53da1ec8410889aec16f7cba98be
-
SHA256
549eff7aa00eb51802988e887308d41e895d287e950c1744eafb1ecc587c0d75
-
SHA512
c01904daec1f8ca4114e3ed6daddbe45a891ec3f88568bc875dd6c85a910b20749262f31eb8ffb910e25947e06499d808c8c5a674ef5e5989260949e84c2509b
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-