General
-
Target
0aaceac4735ee5d5b38ab6d1c93e9f8f9e4e6bba0b34b14ee102fc62f8a1662f
-
Size
610KB
-
Sample
221001-27wnbsbde9
-
MD5
6fe53e055d42ad6afb385b49ae850e50
-
SHA1
f261a8717b66f88b98d1347032bf87992346e532
-
SHA256
0aaceac4735ee5d5b38ab6d1c93e9f8f9e4e6bba0b34b14ee102fc62f8a1662f
-
SHA512
328d9b2f1eac09d50ce7c919350b423c5ec2666de2e519295e1b8496b55470510f8327c6d225d0238eeebaa60f72b0779f5d557cc6f281a8d1d9bc04bde16356
-
SSDEEP
12288:WkgPZo90EPFHv7nItXwYxv8ZEw65WAncif6sAZXWPZsl3m:Oo0E5I/xEQKif8Wm
Static task
static1
Behavioral task
behavioral1
Sample
0aaceac4735ee5d5b38ab6d1c93e9f8f9e4e6bba0b34b14ee102fc62f8a1662f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0aaceac4735ee5d5b38ab6d1c93e9f8f9e4e6bba0b34b14ee102fc62f8a1662f.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
0aaceac4735ee5d5b38ab6d1c93e9f8f9e4e6bba0b34b14ee102fc62f8a1662f
Score 9/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-