General
-
Target
df1e9c32dca0bfb46f837503fdfaf837c0f2422ab2e20e82bc728d192e069806
-
Size
706KB
-
Sample
221123-k3tjqsaa83
-
MD5
4b7ee56888a0acd71058bf1f024c0af4
-
SHA1
10372be5eff74427006c6313409a32949c4d1995
-
SHA256
df1e9c32dca0bfb46f837503fdfaf837c0f2422ab2e20e82bc728d192e069806
-
SHA512
85bbd2c0ff4d8b72ca8dab0b6c10347c23284514d14b7ccdcba05adb61a9160e31d9768ceec3519caa4a9265ee26473d7d92e9763017b7463f652d2ca6b75c0f
-
SSDEEP
12288:fcAZuLDjFjOf8XjkphHMumlJ/8P0kLAyIqdyLXAF9KxEzHLTTrm+pLFys8a3:qvNfQphsueJtkwXO9MELT3m+pd8a
Malware Config
Targets
-
-
Target
df1e9c32dca0bfb46f837503fdfaf837c0f2422ab2e20e82bc728d192e069806
-
Size
706KB
-
MD5
4b7ee56888a0acd71058bf1f024c0af4
-
SHA1
10372be5eff74427006c6313409a32949c4d1995
-
SHA256
df1e9c32dca0bfb46f837503fdfaf837c0f2422ab2e20e82bc728d192e069806
-
SHA512
85bbd2c0ff4d8b72ca8dab0b6c10347c23284514d14b7ccdcba05adb61a9160e31d9768ceec3519caa4a9265ee26473d7d92e9763017b7463f652d2ca6b75c0f
-
SSDEEP
12288:fcAZuLDjFjOf8XjkphHMumlJ/8P0kLAyIqdyLXAF9KxEzHLTTrm+pLFys8a3:qvNfQphsueJtkwXO9MELT3m+pd8a
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-