General
-
Target
350465c0343cd7f0b80b01026ecdfe2c92c2fa011f60e0e2e52e1eeabbf001c7
-
Size
593KB
-
Sample
221125-dfzznsfg86
-
MD5
4cf79b335d5da882bbe49d6052394710
-
SHA1
a21d8ca9ae628262d138be9097b1d7c3bda2761c
-
SHA256
350465c0343cd7f0b80b01026ecdfe2c92c2fa011f60e0e2e52e1eeabbf001c7
-
SHA512
9bb9a2fcdce352eea162a44e584b538470eea4f9d9d538e5ecd27399bf34cbf5ee74010f12b6febbaeb998c0d4bbd00c54403fbba2870fc7b748afebc40529b6
-
SSDEEP
12288:WZ1/zEoY0jr/IYBliQ3wbBTXkiloCTvQ46SY3j9fSfYpAT2c:CE0Bd3wbBTyCTvP6p3sYuT
Static task
static1
Behavioral task
behavioral1
Sample
350465c0343cd7f0b80b01026ecdfe2c92c2fa011f60e0e2e52e1eeabbf001c7.exe
Resource
win7-20221111-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-