General
Target: 83b2ee96940a6d6fc8f1ee0064cafd17abb9db05e89e1cdb4e207ca2987c2f1d
Size: 966KB
Sample: 221123-q4qr5aaf6s
MD5: f894cd4217838c01eb188e0e6c02a162
SHA1: 05ff59b6ff17fdd1d8ce9c1e14346dc93a382ee1
SHA256: 83b2ee96940a6d6fc8f1ee0064cafd17abb9db05e89e1cdb4e207ca2987c2f1d
SHA512: da93bed4ab8cc145e4c60c69b2fc148b2dde9a221791874ff0afbcd7518cbabca90f6f0fc0df134e52f395ca3f9d12e5348f51c6f259db6ce6a1150eed48bba9
SSDEEP: 24576:j7CIrr0eIp7RYDT18UJaerBvhcPILrrq2tkyzMhGGk:3CWIp7RYCxe1vKPg5kycv
Static task: static1
Behavioral task: behavioral1
Sample: 83b2ee96940a6d6fc8f1ee0064cafd17abb9db05e89e1cdb4e207ca2987c2f1d.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 83b2ee96940a6d6fc8f1ee0064cafd17abb9db05e89e1cdb4e207ca2987c2f1d.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 83b2ee96940a6d6fc8f1ee0064cafd17abb9db05e89e1cdb4e207ca2987c2f1d
Score: 9/10
- NirSoft MailPassView: password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext