General
- Target: 5c789f2a59680e623471992d88669b2b647f591c2a9a4deffef8fc0d6d10e5fd
- Size: 1.2MB
- Sample: 220801-g4tpcaddc9
- MD5: 75684f829aff242f682fb9959cd33c5e
- SHA1: 6256f770e8d0f290a4a0122017e206c2a6f7aa16
- SHA256: 5c789f2a59680e623471992d88669b2b647f591c2a9a4deffef8fc0d6d10e5fd
- SHA512: 2a361fd57dc79588b998e548a71a8c37fe3eb69f531d4e338d0629cf310e07514571aca3f5111994e70bc8121d3861a03d76217c3245c23185fe32667d0974a2
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 5c789f2a59680e623471992d88669b2b647f591c2a9a4deffef8fc0d6d10e5fd.exe
  - Resource: win7-20220718-en
- behavioral2
  - Sample: 5c789f2a59680e623471992d88669b2b647f591c2a9a4deffef8fc0d6d10e5fd.exe
  - Resource: win10v2004-20220721-en
Malware Config

Targets
- Target: 5c789f2a59680e623471992d88669b2b647f591c2a9a4deffef8fc0d6d10e5fd
  - Size: 1.2MB
  - MD5: 75684f829aff242f682fb9959cd33c5e
  - SHA1: 6256f770e8d0f290a4a0122017e206c2a6f7aa16
  - SHA256: 5c789f2a59680e623471992d88669b2b647f591c2a9a4deffef8fc0d6d10e5fd
  - SHA512: 2a361fd57dc79588b998e548a71a8c37fe3eb69f531d4e338d0629cf310e07514571aca3f5111994e70bc8121d3861a03d76217c3245c23185fe32667d0974a2
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext