General
-
Target
6636b4e1d42ff4579a9560d011ed68627c17594d5ef0def521a293046fe11698
-
Size
618KB
-
Sample
221125-jl5p1abg72
-
MD5
8fdae58392ad71d29d926883a872c946
-
SHA1
fd3e1498d4d7aae855f37b0cf617f26fca13feb0
-
SHA256
6636b4e1d42ff4579a9560d011ed68627c17594d5ef0def521a293046fe11698
-
SHA512
7fdbfd61008499c988e2652a2d804cadb51db2eb42d422b11b5099baa79bb722ba2d15e50b84b509ea922709a031bd4881fc14cae8edefcf5a305622f854a65e
-
SSDEEP
12288:F7N6FbbZwr2U01LWLJgUPB+h2j7OHSlhcjg/bv5UZXPyqdoa:z+nWJ01LWLGUP2e7Oys4bv5Q/zd3
Static task
static1
Behavioral task
behavioral1
Sample
6636b4e1d42ff4579a9560d011ed68627c17594d5ef0def521a293046fe11698.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6636b4e1d42ff4579a9560d011ed68627c17594d5ef0def521a293046fe11698.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
6636b4e1d42ff4579a9560d011ed68627c17594d5ef0def521a293046fe11698
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-