General
-
Target
18da4411471f52079ee4311d6fd392738922356260c815afd1db5f749344767e
-
Size
552KB
-
Sample
221001-3xrr3acfb5
-
MD5
8e375a094e033136540fdef33c3fad23
-
SHA1
2b731e2b634e3fa3d29f1a6a80a3644f4d51d37d
-
SHA256
18da4411471f52079ee4311d6fd392738922356260c815afd1db5f749344767e
-
SHA512
472b132a559a9c5f1ac275ef69501e8a735236938594e49a9c82db11b1ebc558f892f09401b58597a74393e502b2b141bcb7b64cba6682b1b451c80440e3182f
-
SSDEEP
12288:LjANPOefxwwFUTMoAREOdYQHa/A3Fc7JjoeC:LjkXJBaUEOdL3FcFjoeC
Static task
static1
Behavioral task
behavioral1
Sample
18da4411471f52079ee4311d6fd392738922356260c815afd1db5f749344767e.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
18da4411471f52079ee4311d6fd392738922356260c815afd1db5f749344767e
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-