General
- Target: 92e201f3ea2342ff20f442acce50098283f42b5f1cd23a8a1af0f24c74b9b726
- Size: 1.1MB
- Sample: 221122-yd146sac8s
- MD5: 3ff2411c1246b98584d909a889359edf
- SHA1: 2f4daf9cd34379779b0b950af2c26792bdacdca2
- SHA256: 92e201f3ea2342ff20f442acce50098283f42b5f1cd23a8a1af0f24c74b9b726
- SHA512: 782bab7531786669e51ed400ca8fafef6d6a7f78a535c1c184064dbf92c24384604d7b39cca24d60115f39cd9453177fa8182cd2beaef925aa2595ffcd17df6b
- SSDEEP: 24576:fPb8u4LHYR4axPnRgCczRN7yYwNOngDDL2zvATqXmJ:Xb8u4LHYCQR69YN/QAT
Static task: static1

Behavioral task: behavioral1
- Sample: 92e201f3ea2342ff20f442acce50098283f42b5f1cd23a8a1af0f24c74b9b726.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 92e201f3ea2342ff20f442acce50098283f42b5f1cd23a8a1af0f24c74b9b726.exe
- Resource: win10v2004-20221111-en
Malware Config

Targets
- Target: 92e201f3ea2342ff20f442acce50098283f42b5f1cd23a8a1af0f24c74b9b726
- Size: 1.1MB
- MD5: 3ff2411c1246b98584d909a889359edf
- SHA1: 2f4daf9cd34379779b0b950af2c26792bdacdca2
- SHA256: 92e201f3ea2342ff20f442acce50098283f42b5f1cd23a8a1af0f24c74b9b726
- SHA512: 782bab7531786669e51ed400ca8fafef6d6a7f78a535c1c184064dbf92c24384604d7b39cca24d60115f39cd9453177fa8182cd2beaef925aa2595ffcd17df6b
- SSDEEP: 24576:fPb8u4LHYR4axPnRgCczRN7yYwNOngDDL2zvATqXmJ:Xb8u4LHYCQR69YN/QAT
Signatures
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext