General

  • Target

    b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0

  • Size

    497KB

  • Sample

    221123-k21xesaa45

  • MD5

    9f6d6e5d6c62c441b49547ce3fad75bd

  • SHA1

    5d5851c522dccd615c0b21ae80b6d5e2c6eb17ca

  • SHA256

    b12b5ab5d46bf8c7ec3392d7a8ce20cd8b6d388784b326cebf21bc0bd5a4bae0

  • SHA512

    96eda44630c2fdc01cd03b4b8009d1b56f49c25a1290842ffd898ceebf84a7e36c7ebcf944e6a4e8b0c07e4dd6bd58d6e44be9b2ef47d4419afbf5b7087033e4

  • SSDEEP

    12288:/jqatBqaba6QM3Do0cXC+VYApXJ6a26ZoyqIIhCY:/jqeYaO6QYDPcBVn76a2wPqkY

Score
9/10
upx

Malware Config

Targets

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks