General
-
Target
8b951df5a82464480141242d2d02b0cf49ec7ceb172c9fb1bf3827dcb14b50ff
-
Size
627KB
-
Sample
221123-sy5p7sff8w
-
MD5
c0dbf7da39a106dd0bd52425ecc7c7fb
-
SHA1
2e3e1013e2c37b2e494b1d21fad30535e0c95c56
-
SHA256
8b951df5a82464480141242d2d02b0cf49ec7ceb172c9fb1bf3827dcb14b50ff
-
SHA512
7573c3cd6729e10d5cc6a6d3e9050ad7303b088d33364ba3887069e31f9e8aebdf719eccde89d95b098b3a3778932205075ee2be07ac7f2b4b2216733bdfbe8c
-
SSDEEP
12288:DHGMlyPzdD0cxpxX7/cTb8rMpyRZfMgoCvUFhi:bqPL1rgAYuZL
Malware Config
Targets
-
-
Target
8b951df5a82464480141242d2d02b0cf49ec7ceb172c9fb1bf3827dcb14b50ff
-
Size
627KB
-
MD5
c0dbf7da39a106dd0bd52425ecc7c7fb
-
SHA1
2e3e1013e2c37b2e494b1d21fad30535e0c95c56
-
SHA256
8b951df5a82464480141242d2d02b0cf49ec7ceb172c9fb1bf3827dcb14b50ff
-
SHA512
7573c3cd6729e10d5cc6a6d3e9050ad7303b088d33364ba3887069e31f9e8aebdf719eccde89d95b098b3a3778932205075ee2be07ac7f2b4b2216733bdfbe8c
-
SSDEEP
12288:DHGMlyPzdD0cxpxX7/cTb8rMpyRZfMgoCvUFhi:bqPL1rgAYuZL
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-