General
-
Target
a9c9e0b446774499b7b7d597d30633f3fd0c6859497471a84b3e9c7efe6e1ba3
-
Size
747KB
-
Sample
221001-2amn6abbgl
-
MD5
624efd0390a6b4fbc2d843d830c569b0
-
SHA1
887b364d5dfdeb1d94bfbb26e906a7dafdc2008c
-
SHA256
a9c9e0b446774499b7b7d597d30633f3fd0c6859497471a84b3e9c7efe6e1ba3
-
SHA512
0db13973800062ed9483061fe48155cdbc79844d00a5c8c65405893a8f891bfb2dee01c42d2aec658f1acb0c43bd4a95de76b344cff6b5169c96e2b2a212a631
-
SSDEEP
12288:SGV+hAV/4KicsXX3Ih5sm6RnP8dLssPQAutqEkVntPoM:zVdCXXppuYAFVntQ
Malware Config
Targets
-
-
Target
a9c9e0b446774499b7b7d597d30633f3fd0c6859497471a84b3e9c7efe6e1ba3
-
Size
747KB
-
MD5
624efd0390a6b4fbc2d843d830c569b0
-
SHA1
887b364d5dfdeb1d94bfbb26e906a7dafdc2008c
-
SHA256
a9c9e0b446774499b7b7d597d30633f3fd0c6859497471a84b3e9c7efe6e1ba3
-
SHA512
0db13973800062ed9483061fe48155cdbc79844d00a5c8c65405893a8f891bfb2dee01c42d2aec658f1acb0c43bd4a95de76b344cff6b5169c96e2b2a212a631
-
SSDEEP
12288:SGV+hAV/4KicsXX3Ih5sm6RnP8dLssPQAutqEkVntPoM:zVdCXXppuYAFVntQ
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-