General
-
Target
b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0
-
Size
497KB
-
Sample
221123-k21xesaa45
-
MD5
9f6d6e5d6c62c441b49547ce3fad75bd
-
SHA1
5d5851c522dccd615c0b21ae80b6d5e2c6eb17ca
-
SHA256
b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0
-
SHA512
96eda44630c2fdc01cd03b4b8009d1b56f49c25a1290842ffd898ceebf84a7e36c7ebcf944e6a4e8b0c07e4dd6bd58d6e44be9b2ef47d4419afbf5b7087033e4
-
SSDEEP
12288:/jqatBqaba6QM3Do0cXC+VYApXJ6a26ZoyqIIhCY:/jqeYaO6QYDPcBVn76a2wPqkY
Static task
static1
Behavioral task
behavioral1
Sample
b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0
-
Score
9/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-