General
-
Target
72b07835503273dc7f135f14dfe3a5ae6eae19675f19f2e3147a89123018464b
-
Size
2.7MB
-
Sample
220731-ltdycsaea9
-
MD5
5d455092970ee2f4a00ac451ca4d4903
-
SHA1
3912ec755f8a40400ffb684991d2f75cb104cec6
-
SHA256
72b07835503273dc7f135f14dfe3a5ae6eae19675f19f2e3147a89123018464b
-
SHA512
0f0b442d9e51df7573b847418be5aea84b940b9d45010c3c23821ff7b8daec1408e9da2d1f4caca868f5aa76bb9448ecedd339c7892f8db3f9554a3a01fc7b23
Static task
static1
Behavioral task
behavioral1
Sample
72b07835503273dc7f135f14dfe3a5ae6eae19675f19f2e3147a89123018464b.rtf
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
72b07835503273dc7f135f14dfe3a5ae6eae19675f19f2e3147a89123018464b.rtf
Resource
win10v2004-20220721-en
Malware Config
Targets
-
Target
72b07835503273dc7f135f14dfe3a5ae6eae19675f19f2e3147a89123018464b
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext