6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce | Triage

Submit
Reports

Overview

overview

9

Static

static

6127569ded...ce.exe

windows7-x64

9

6127569ded...ce.exe

windows10-2004-x64

9

Sharing

General

Target

6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce
Size

574KB
Sample

220730-1xnpasahgn
MD5

77381d5ad94b32aeb2f376cb2133331f
SHA1

4c015fa42ffd0e1f83a54eb9eb9a34ebfcbed87d
SHA256

6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce
SHA512

308cb210c340c92d756189326982dcbe6e4ae114e2127b9fc1ce67cb689cf630628eeebd68aa95dd646760d6a05845ab6df7bc156762898e7e230ef3eb2286cb

Score

9^/10

collection

Static task

static1

Behavioral task

behavioral1

Sample

6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce.exe

Resource

win7-20220718-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce
- Size
  
  574KB
- MD5
  
  77381d5ad94b32aeb2f376cb2133331f
- SHA1
  
  4c015fa42ffd0e1f83a54eb9eb9a34ebfcbed87d
- SHA256
  
  6127569ded7e72a45f8a843a862e2cceb19bc01a747cb09d37e56030843696ce
- SHA512
  
  308cb210c340c92d756189326982dcbe6e4ae114e2127b9fc1ce67cb689cf630628eeebd68aa95dd646760d6a05845ab6df7bc156762898e7e230ef3eb2286cb
Score

9^/10

collection
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy