General
Target: 5b92e2de3b847c6a67b04c7aba1410d4a55e5a731f5f820091295fc7a73c23ac
Size: 979KB
Sample: 220801-vw8eesgaeq
MD5: 42879e5b5ca042068b0025c7b4698f77
SHA1: 913a10a52aa3ebe11b2d4306ded079441f8d19ee
SHA256: 5b92e2de3b847c6a67b04c7aba1410d4a55e5a731f5f820091295fc7a73c23ac
SHA512: bb8aec67709faa3562f334ece99a52baa09d434b6097c01b642136cbe3905640f5212fa414f5f4c206283a19705b43bfe8e7e82668fc3b16900e83532b5cdc19
Static task: static1

Behavioral task: behavioral1
Sample: 5b92e2de3b847c6a67b04c7aba1410d4a55e5a731f5f820091295fc7a73c23ac.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 5b92e2de3b847c6a67b04c7aba1410d4a55e5a731f5f820091295fc7a73c23ac.exe
Resource: win10v2004-20220721-en
Malware Config

Targets
Target: 5b92e2de3b847c6a67b04c7aba1410d4a55e5a731f5f820091295fc7a73c23ac
Size: 979KB
MD5: 42879e5b5ca042068b0025c7b4698f77
SHA1: 913a10a52aa3ebe11b2d4306ded079441f8d19ee
SHA256: 5b92e2de3b847c6a67b04c7aba1410d4a55e5a731f5f820091295fc7a73c23ac
SHA512: bb8aec67709faa3562f334ece99a52baa09d434b6097c01b642136cbe3905640f5212fa414f5f4c206283a19705b43bfe8e7e82668fc3b16900e83532b5cdc19
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext