General
- Target: 011a83621fc115c02a133e887dfd4873520cbda105384a6eac1dd9008cc3421d
- Size: 819KB
- Sample: 221123-wmz75afd5t
- MD5: d01d00c8e3827ed23b6bfa86fa20ec64
- SHA1: 58206786f3cb06b38aa5131f1fd617df5846534e
- SHA256: 011a83621fc115c02a133e887dfd4873520cbda105384a6eac1dd9008cc3421d
- SHA512: 1ba669e22373031ab06320cbaeb7f684abc7873bb17c397d68140f60f97238453a41ef41a8f970d910139532148b650a1f014c3340456a4c84a26a8548da01dd
- SSDEEP: 12288:sscf6Itg+WOMD4rEr1yq9sZfHZrijZUyOD2zzmQceG:WCIJnra1yHtZWlUyODo9cF
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 011a83621fc115c02a133e887dfd4873520cbda105384a6eac1dd9008cc3421d.exe
  - Resource: win7-20221111-en
- Behavioral task: behavioral2
  - Sample: 011a83621fc115c02a133e887dfd4873520cbda105384a6eac1dd9008cc3421d.exe
  - Resource: win10v2004-20220812-en
Malware Config
Targets
Signatures
- NirSoft MailPassView: password recovery tool for various email clients.
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext