General
-
Target
ac58566b0816ed10555d42d221bf5c12a70754e33b76adaf38253786ce57fa71
-
Size
424KB
-
Sample
221123-qnth3sed87
-
MD5
aa764c52771914cdfb3f246162ff407c
-
SHA1
a05a64765f4809ab09d6c38eaa6cfe12e6a10905
-
SHA256
ac58566b0816ed10555d42d221bf5c12a70754e33b76adaf38253786ce57fa71
-
SHA512
c3b522ca6530220435fa027d17e905dbf7ad9991e9e65d07ddad0e8cb51f55e479f35d11f2e289beda3d2c24bc7aef8c583a2b13df93598e495a1e734e6e5146
-
SSDEEP
6144:RtvAvgwGaWEWS7WjpCwhj8cuEMDTr8x3EsznmkVq78+OYxsy2v6qF8rbJVktqB5u:7AvgmWS7WjGcsX8Okdq78r9VFw7JT1J
Static task
static1
Behavioral task
behavioral1
Sample
ac58566b0816ed10555d42d221bf5c12a70754e33b76adaf38253786ce57fa71.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ac58566b0816ed10555d42d221bf5c12a70754e33b76adaf38253786ce57fa71.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
ac58566b0816ed10555d42d221bf5c12a70754e33b76adaf38253786ce57fa71
-
Size
424KB
-
MD5
aa764c52771914cdfb3f246162ff407c
-
SHA1
a05a64765f4809ab09d6c38eaa6cfe12e6a10905
-
SHA256
ac58566b0816ed10555d42d221bf5c12a70754e33b76adaf38253786ce57fa71
-
SHA512
c3b522ca6530220435fa027d17e905dbf7ad9991e9e65d07ddad0e8cb51f55e479f35d11f2e289beda3d2c24bc7aef8c583a2b13df93598e495a1e734e6e5146
-
SSDEEP
6144:RtvAvgwGaWEWS7WjpCwhj8cuEMDTr8x3EsznmkVq78+OYxsy2v6qF8rbJVktqB5u:7AvgmWS7WjGcsX8Okdq78r9VFw7JT1J
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-