General
-
Target
a7f9a59d211741eceea0c3bcd1b5fc8e4ebbe691cfb4024bcaf5328961b9127a
-
Size
611KB
-
Sample
221124-zyex4saa37
-
MD5
2c0c2f28645426d70abf957183b1236b
-
SHA1
03c127db4c33c832d6290e3fe9f0231b581bf15b
-
SHA256
a7f9a59d211741eceea0c3bcd1b5fc8e4ebbe691cfb4024bcaf5328961b9127a
-
SHA512
2fca80690c763e0394cb3d99b04e415b03fb447b0273b2731f6d76eb704d4cd933429326a55ca9f6d8e8bd5d526d186d1fc4c5f18bb0e6b30bf0af77524fa56e
-
SSDEEP
12288:8YLDtsU9a/hWthf/W4mR8hL0N8aHy6VWJrb2FpH1cCyX/AbEgAHV76Pu:FDtsc6yfOLEL0Zy6siFV1cC6/Cy
Static task
static1
Behavioral task
behavioral1
Sample
a7f9a59d211741eceea0c3bcd1b5fc8e4ebbe691cfb4024bcaf5328961b9127a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a7f9a59d211741eceea0c3bcd1b5fc8e4ebbe691cfb4024bcaf5328961b9127a.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
a7f9a59d211741eceea0c3bcd1b5fc8e4ebbe691cfb4024bcaf5328961b9127a
-
Size
611KB
-
MD5
2c0c2f28645426d70abf957183b1236b
-
SHA1
03c127db4c33c832d6290e3fe9f0231b581bf15b
-
SHA256
a7f9a59d211741eceea0c3bcd1b5fc8e4ebbe691cfb4024bcaf5328961b9127a
-
SHA512
2fca80690c763e0394cb3d99b04e415b03fb447b0273b2731f6d76eb704d4cd933429326a55ca9f6d8e8bd5d526d186d1fc4c5f18bb0e6b30bf0af77524fa56e
-
SSDEEP
12288:8YLDtsU9a/hWthf/W4mR8hL0N8aHy6VWJrb2FpH1cCyX/AbEgAHV76Pu:FDtsc6yfOLEL0Zy6siFV1cC6/Cy
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-