General
-
Target
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
Size
502KB
-
Sample
221124-y36e7aga84
-
MD5
37b4e59d885b1497688c32871a13c592
-
SHA1
0deb2d0c55e654877b0e131687c05ae45dd71022
-
SHA256
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
SHA512
a911394c2c5f75a7d7ce38edddfa5d640011dc883e9360a95be2faf746ba7094f12775f4a057a3ae97ce17d2947cdc4964db1ce63bd898a910f927e4971211f1
-
SSDEEP
6144:BrLbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9bH7:BrLQtqB5urTIoYWBQk1E+VF9mOx9X
Static task
static1
Behavioral task
behavioral1
Sample
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
Size
502KB
-
MD5
37b4e59d885b1497688c32871a13c592
-
SHA1
0deb2d0c55e654877b0e131687c05ae45dd71022
-
SHA256
b70e27589effbc110a943465f95d79ee73419c4dc3e0d191cb08175ebcf5c029
-
SHA512
a911394c2c5f75a7d7ce38edddfa5d640011dc883e9360a95be2faf746ba7094f12775f4a057a3ae97ce17d2947cdc4964db1ce63bd898a910f927e4971211f1
-
SSDEEP
6144:BrLbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9bH7:BrLQtqB5urTIoYWBQk1E+VF9mOx9X
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-