General
Target: 5c00f9528d06ab9f9d4ca56d32c71a16b1c7b190203a079203afc56528508828
Size: 821KB
Sample: 220801-td3ksadbfn
MD5: 7a7d4707e5f19d9a3199f735476bc01a
SHA1: 6fc359ecf7335b36012332afe1b57a197902419d
SHA256: 5c00f9528d06ab9f9d4ca56d32c71a16b1c7b190203a079203afc56528508828
SHA512: e4e1c8a0ae313346c59791e85658b6d4e314e76d143b3f356bd5235dad5da23e776f5c891594211c12ba3ba56bc1c32a01a6e91617f7be8ee8f2ff13eb053984
Static task: static1
Behavioral task: behavioral1
  Sample: 5c00f9528d06ab9f9d4ca56d32c71a16b1c7b190203a079203afc56528508828.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 5c00f9528d06ab9f9d4ca56d32c71a16b1c7b190203a079203afc56528508828.exe
  Resource: win10v2004-20220721-en
Malware Config
Targets
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext