General

Target: c134e54f56e5ab761f89b42ac47b74e816dcb419c79bd0ab3e0425b42cf61b61
Size: 639KB
Sample: 221123-qfn9dsgh7s
MD5: a1305d3db71feebcc0e6420a279f500f
SHA1: 7f4c7a0e11e2507a98b55c3084c422f5038e5a09
SHA256: c134e54f56e5ab761f89b42ac47b74e816dcb419c79bd0ab3e0425b42cf61b61
SHA512: 024faaee927c7666d5778108fe8c4bac637d2ca4a35ddb217c8a3340a01529015d3b55bd28c048b8c9f901aa646fa343bcf7026251ca939a6c91ca76abab442a
SSDEEP: 12288:cZaF3OkGWnfgf08o09WnpVKFPcJOk9+AXKCv1xsL56EBW:cZapyAgnUvGji+AXKIzsl6E
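As an added example (not part of the sandbox report or of the sandbox's own tooling), the script below recomputes the digests listed above over a local copy of the sample and reports which ones agree with the report, and it parses the SSDEEP field so that the block-size precondition for comparing two fuzzy hashes can be checked. When run without a file path it hashes constructed bytes, which will not reproduce the report's values; `ssdeep_comparable` only tests the block-size rule, not the full ssdeep edit-distance comparison.

```python
"""Verify a sample's identity against the hashes in a sandbox report.

Added example, not part of the original report. Values in REPORT are copied
from the General section above; the fallback bytes in main() are constructed.
"""
import hashlib
import sys

REPORT = {
    "Size": "639KB",
    "MD5": "a1305d3db71feebcc0e6420a279f500f",
    "SHA1": "7f4c7a0e11e2507a98b55c3084c422f5038e5a09",
    "SHA256": "c134e54f56e5ab761f89b42ac47b74e816dcb419c79bd0ab3e0425b42cf61b61",
    "SHA512": "024faaee927c7666d5778108fe8c4bac637d2ca4a35ddb217c8a3340a01529015d3b55bd28c048b8c9f901aa646fa343bcf7026251ca939a6c91ca76abab442a",
    "SSDEEP": "12288:cZaF3OkGWnfgf08o09WnpVKFPcJOk9+AXKCv1xsL56EBW:cZapyAgnUvGji+AXKIzsl6E",
}

# Report field name -> hashlib algorithm name.
DIGESTS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests keyed like the report (MD5, SHA1, ...)."""
    return {name: hashlib.new(algo, data).hexdigest() for name, algo in DIGESTS.items()}


def verify_report(data: bytes, report: dict) -> dict:
    """Compare every digest field present in `report` with the recomputed value.

    Returns {field: bool}. Size and SSDEEP are not checked here: a fuzzy hash
    needs a real ssdeep implementation. Comparison is case-insensitive because
    reports and tools disagree on hex case.
    """
    actual = compute_hashes(data)
    return {name: actual[name] == report[name].strip().lower()
            for name in DIGESTS if name in report}


def parse_ssdeep(sig: str) -> tuple:
    """Split 'blocksize:chunk:double_chunk' and validate the block size.

    ssdeep block sizes are 3 * 2**n (minimum 3); anything else is malformed.
    """
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    block = int(parts[0])
    n = block // 3
    if block < 3 or block % 3 or (n & (n - 1)):
        raise ValueError(f"invalid ssdeep block size {block}")
    return block, parts[1], parts[2]


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """Two ssdeep signatures can only score against each other when their
    block sizes are equal or differ by exactly a factor of two; otherwise a
    score of 0 says nothing about similarity."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


def main() -> None:
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = b"constructed placeholder bytes, not the real sample"  # constructed
    for field, ok in verify_report(data, REPORT).items():
        print(f"{field}: {'match' if ok else 'MISMATCH'}")
    block, chunk, double_chunk = parse_ssdeep(REPORT["SSDEEP"])
    print(f"SSDEEP block size {block}; chunks of {len(chunk)} and {len(double_chunk)} chars")


if __name__ == "__main__":
    main()
```

Run it as `python verify_sample.py c134e54f...exe` against the file you actually received; a SHA256 match is what ties the artefact on your desk to this report, and a mismatch on any field means you are looking at a different file, not a different encoding of the same one.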
Static task: static1
Behavioral task: behavioral1
Sample: c134e54f56e5ab761f89b42ac47b74e816dcb419c79bd0ab3e0425b42cf61b61.exe
Resource: win7-20221111-en (Windows 7, English-language sandbox image)
Malware Config
Targets
Target: c134e54f56e5ab761f89b42ac47b74e816dcb419c79bd0ab3e0425b42cf61b61 (Size: 639KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- NirSoft MailPassView: password recovery tool for various email clients (a legitimate NirSoft utility, commonly bundled by credential stealers to dump mail-client credentials).
- NirSoft WebBrowserPassView: password recovery tool for various web browsers (likewise a legitimate NirSoft utility abused for browser-credential theft).
- Nirsoft: family tag assigned because of the two tools above.
- Executes dropped EXE.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that gates execution on the victim's locale.
- Loads dropped DLL.
- Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework (not a VBScript engine, despite the signature's name), is started. A compiler launched by a non-development process is a common injection host.
- Adds Run key to start application: persistence through a value under the Run registry key.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: this API is what process hollowing uses to point the main thread of a suspended process at injected code. Together with the vbc.exe launch above it is consistent with the payload executing inside vbc.exe, although the report does not identify the injected payload.
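As an added example, not part of the sandbox report or of any vendor's detection content, the script below runs the host-side counterparts of the behaviours listed above over constructed Sysmon-style events (process creation, image load, registry set, DNS query). The field names, the list of IP-lookup domains and the set of parents for which a vbc.exe launch is considered normal are all assumptions; SetThreadContext is an API-level observation that Sysmon does not record, so the script keys on the observable neighbours (vbc.exe started by a non-build process, DLL and EXE loaded from drop locations) and only raises when two or more distinct behaviours from the chain appear.

```python
"""Host-side triage for the behaviours flagged in the sandbox report above.

Added example, not part of the report. SAMPLE_EVENTS are constructed to
resemble Sysmon records; IP_LOOKUP_DOMAINS, DEV_PARENTS and the event
field names are assumptions for illustration.
"""
import re

# Assumed: public IP-echo services commonly queried by stealers to learn the
# victim's external address. Populate from your own DNS/proxy telemetry.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}

# Assumed: parents for which a vbc.exe launch is expected (build tooling).
DEV_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events: list) -> list:
    """Return (category, event id) pairs for every event matching a behaviour."""
    hits = []
    for ev in events:
        kind, eid = ev["event"], ev["id"]
        if kind == "process_create":
            image, parent = ev["image"], ev["parent_image"]
            if _base(image) == "vbc.exe" and _base(parent) not in DEV_PARENTS:
                # "Uses the VBS compiler for execution": compiler started by
                # something that is not a build tool.
                hits.append(("vbc.exe spawned outside build tooling", eid))
            if USER_WRITABLE.search(image):
                # "Executes dropped EXE": payload running from a drop location.
                hits.append(("executes EXE from user-writable path", eid))
        elif kind == "image_load":
            if USER_WRITABLE.search(ev["image_loaded"]):
                # "Loads dropped DLL"
                hits.append(("loads DLL from user-writable path", eid))
        elif kind == "registry_set":
            if RUN_KEY.search(ev["target"]):
                # "Adds Run key to start application"
                hits.append(("Run key persistence", eid))
        elif kind == "dns_query":
            if ev["query"].lower().rstrip(".") in IP_LOOKUP_DOMAINS:
                # "Looks up external IP address via web service"
                hits.append(("external IP lookup via web service", eid))
    return hits


def summarize(hits: list) -> tuple:
    """Distinct categories plus a verdict. Any single behaviour (a vbc.exe
    launch, a Run key, an IP lookup) also occurs in benign software, so two
    or more distinct behaviours from the chain are required before raising."""
    categories = sorted({c for c, _ in hits})
    return categories, len(categories) >= 2


# Constructed events: a dropper in %TEMP% starts vbc.exe, which loads a dropped
# DLL, sets a Run value and resolves an IP-echo service. Event 6 is a benign
# build-tool launch of vbc.exe that must not fire.
SAMPLE_EVENTS = [
    {"id": 1, "event": "process_create",
     "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 2, "event": "process_create",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"id": 3, "event": "image_load",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "image_loaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"id": 4, "event": "registry_set",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"id": 5, "event": "dns_query", "query": "api.ipify.org"},
    {"id": 6, "event": "process_create",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Program Files\dotnet\dotnet.exe"},
]


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for category, eid in found:
        print(f"event {eid}: {category}")
    categories, suspicious = summarize(found)
    print(f"{len(categories)} distinct behaviours, suspicious={suspicious}")
```

The geofence check from the report (a registry read of the configured country code) is deliberately absent: registry reads are not logged by Sysmon, so on a host it would have to come from an EDR or from a sandbox run, which is where the report's own signature came from.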