Overview

overview

9

Static

static

6127569ded...ce.exe

windows7-x64

9

6127569ded...ce.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce

  • Size

    574KB

  • Sample

    220730-1xnpasahgn

  • MD5

    77381d5ad94b32aeb2f376cb2133331f

  • SHA1

    4c015fa42ffd0e1f83a54eb9eb9a34ebfcbed87d

  • SHA256

    6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce

  • SHA512

    308cb210c340c92d756189326982dcbe6e4ae114e2127b9fc1ce67cb689cf630628eeebd68aa95dd646760d6a05845ab6df7bc156762898e7e230ef3eb2286cb

Score
9/10
collection

Malware Config

Targets

    • Target

      6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce

    • Size

      574KB

    • MD5

      77381d5ad94b32aeb2f376cb2133331f

    • SHA1

      4c015fa42ffd0e1f83a54eb9eb9a34ebfcbed87d

    • SHA256

      6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce

    • SHA512

      308cb210c340c92d756189326982dcbe6e4ae114e2127b9fc1ce67cb689cf630628eeebd68aa95dd646760d6a05845ab6df7bc156762898e7e230ef3eb2286cb

    Score
    9/10
    collection

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks