General
- Target: d8185c978d545ee6eec7fdabdc106ac6858dbad7186072f9ad5b63491cb1783d
- Size: 623KB
- Sample: 221124-w5he2abg88
- MD5: 339505a32aa90e8ae416c463c5f3118e
- SHA1: 88f1c1be60d9ffc7fd1eddf03263dfdf24f8e5a8
- SHA256: d8185c978d545ee6eec7fdabdc106ac6858dbad7186072f9ad5b63491cb1783d
- SHA512: 349af0f292f0a14aaf2c29de348a904702c7a547950c6ee9ef326c5bb37d05e10d97ece4ee49183cfe115055170a225785a90a9bcb5413125620f17c66439b97
- SSDEEP: 12288:ff9yJvpEAXlvMcu1JN+q6KZ3bAVWh3NZfWXg3DM9N683sG/i2X6rB6ta:flgvmWRMZs4zBUEYAqi2X6rBR
Static task: static1
Behavioral task: behavioral1
- Sample: d8185c978d545ee6eec7fdabdc106ac6858dbad7186072f9ad5b63491cb1783d.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: d8185c978d545ee6eec7fdabdc106ac6858dbad7186072f9ad5b63491cb1783d.exe
- Resource: win10v2004-20220901-en
Malware Config
Targets
- Target: d8185c978d545ee6eec7fdabdc106ac6858dbad7186072f9ad5b63491cb1783d
- NirSoft MailPassView: password recovery tool for various email clients (a legitimate tool, here bundled with the sample)
- NirSoft WebBrowserPassView: password recovery tool for various web browsers (a legitimate tool, here bundled with the sample)
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: reads the country code configured in the registry, most likely as a geofence check
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe)
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext (writing another process's thread context is consistent with process hollowing or thread hijacking)
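The behavioral signatures above can be reproduced from an endpoint or sandbox event trace. The following is an added example, not the sandbox's own rule set or code from the report: it replays a constructed, inline list of Sysmon-style events (file creation, registry access, process creation, image load, DNS, and API-trace records) through one rule per signature and returns which event fired which signature. The event field names, the list of IP-lookup hosts, the specific registry paths matched, and the dropped-file paths are assumptions made for the example; the NirSoft signatures are static (embedded-tool) matches rather than behavior, so they have no rule here.

```python
"""Behavioral triage rules for the signature list above (added example)."""
import re
from typing import Dict, List

# Registry paths each rule matches (assumed for the example; case-insensitive).
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
GEO_KEY = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
OUTLOOK_KEY = re.compile(
    r"\\(office\\[\d.]+\\outlook\\profiles|windows messaging subsystem\\profiles)\\", re.I)
# Constructed list of public "what is my IP" services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
# cmd.exe deleting an .exe after a short delay is the usual self-delete shape.
SELF_DELETE = re.compile(r"\bdel\b.*\.exe", re.I)


def match_rules(ev: Dict, dropped: set) -> List[str]:
    """Return the report signatures one event satisfies.

    `dropped` holds lower-cased paths the sample has written so far, so that
    'Executes dropped EXE' and 'Loads dropped DLL' can be correlated.
    """
    hits: List[str] = []
    t = ev.get("type")
    key = ev.get("key", "")
    image = ev.get("image", "").lower()

    if t == "file_create":
        dropped.add(ev["path"].lower())
    if t == "registry_set" and RUN_KEY.search(key):
        hits.append("Adds Run key to start application")
    if t in ("registry_query", "registry_set") and GEO_KEY.search(key):
        hits.append("Checks computer location settings")
    if t == "registry_query" and OUTLOOK_KEY.search(key):
        hits.append("Accesses Microsoft Outlook accounts")
    if t == "dns" and ev.get("query", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    if t == "process_create":
        if image in dropped:
            hits.append("Executes dropped EXE")
        if image.endswith("\\vbc.exe"):
            hits.append("Uses the VBS compiler for execution")
        if image.endswith("\\cmd.exe") and SELF_DELETE.search(ev.get("command_line", "")):
            hits.append("Deletes itself")
    if t == "image_load" and image in dropped:
        hits.append("Loads dropped DLL")
    # Writing another process's thread context is the classic hollowing step.
    if t == "api" and ev.get("api") == "SetThreadContext" and ev.get("target_pid") != ev.get("pid"):
        hits.append("Suspicious use of SetThreadContext")
    return hits


def triage(events: List[Dict]) -> Dict[str, List[int]]:
    """Map each fired signature to the ids of the events that fired it."""
    dropped: set = set()
    report: Dict[str, List[int]] = {}
    for ev in events:
        for sig in match_rules(ev, dropped):
            report.setdefault(sig, []).append(ev["id"])
    return report


SAMPLE_PATH = r"C:\Users\Admin\Desktop\d8185c978d545ee6eec7fdabdc106ac6858dbad7186072f9ad5b63491cb1783d.exe"
DROP_EXE = r"C:\Users\Admin\AppData\Roaming\svc\update.exe"   # assumed drop path
DROP_DLL = r"C:\Users\Admin\AppData\Local\Temp\helper.dll"    # assumed drop path

# Constructed event trace; ids 12 and 13 are benign controls that must not fire.
SAMPLE_EVENTS = [
    {"id": 1, "type": "file_create", "pid": 1234, "path": DROP_EXE},
    {"id": 2, "type": "file_create", "pid": 1234, "path": DROP_DLL},
    {"id": 3, "type": "registry_query", "pid": 1234, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 4, "type": "registry_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", "value": DROP_EXE},
    {"id": 5, "type": "process_create", "pid": 1234, "new_pid": 2001, "image": DROP_EXE, "command_line": DROP_EXE},
    {"id": 6, "type": "image_load", "pid": 2001, "image": DROP_DLL},
    {"id": 7, "type": "process_create", "pid": 2001, "new_pid": 2002,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "command_line": "vbc.exe"},
    {"id": 8, "type": "api", "pid": 2001, "api": "SetThreadContext", "target_pid": 2002},
    {"id": 9, "type": "dns", "pid": 2002, "query": "api.ipify.org"},
    {"id": 10, "type": "registry_query", "pid": 2002,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001"},
    {"id": 11, "type": "process_create", "pid": 1234, "new_pid": 2003, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": f'cmd.exe /c choice /C Y /N /D Y /T 3 & Del "{SAMPLE_PATH}"'},
    {"id": 12, "type": "registry_set", "pid": 777,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"id": 13, "type": "dns", "pid": 777, "query": "www.microsoft.com"},
]

if __name__ == "__main__":
    for sig, ids in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: events {ids}")
```

Run directly to print the signature-to-event table. To use it on real data, convert Sysmon events (IDs 1, 7, 11, 12/13, 22) into these dict shapes; the API-trace record for SetThreadContext is only available from a sandbox or an API-hooking agent, not from Sysmon.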