General
- Target: 27b4901190ca632259654b1d1372d3fffa7e6181a120ba49b79f007872c1a208
- Size: 1.5MB
- Sample: 221124-e3s1bahb79
- MD5: c7ec863b390d77f98d3924f4f838b80a
- SHA1: 711f770265d2af9aef246069e90bf3828aee4fdd
- SHA256: 27b4901190ca632259654b1d1372d3fffa7e6181a120ba49b79f007872c1a208
- SHA512: ff00326a6cc4c65c17deb849a14701de1f924c375637ae366523d8c91801a3bc63234c42bee69e420bca48653503d683c08bbdc0b49e545568fdd51bdd22b7ed
- SSDEEP: 24576:74lavt0LkLL9IMixoEgeawclhApXk3hxyMrO2fLDCzIWlQc3usq9MmCS:Okwkn9IMHeawclSp6TykDMlB3raPCS
- Static task: static1
- Behavioral task behavioral1: Sample 27b4901190ca632259654b1d1372d3fffa7e6181a120ba49b79f007872c1a208.exe; Resource win7-20221111-en
- Behavioral task behavioral2: Sample 27b4901190ca632259654b1d1372d3fffa7e6181a120ba49b79f007872c1a208.exe; Resource win10v2004-20221111-en
Malware Config
Targets
- Target: 27b4901190ca632259654b1d1372d3fffa7e6181a120ba49b79f007872c1a208
- Size: 1.5MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (same sample)
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext