General
-
Target
fc0184826211226a22371269ac7d84c7daece33c494d3ab8a5a4f5b8e662257f
-
Size
630KB
-
Sample
221125-np3r2adh32
-
MD5
11ef732299c5f5b981d3d0c2678a5058
-
SHA1
81a9d9dfc15ca303daf96c26a20a8857913cb75c
-
SHA256
fc0184826211226a22371269ac7d84c7daece33c494d3ab8a5a4f5b8e662257f
-
SHA512
6d26b20cb462d1fbb7afece507083db49cd373e99a73ffacf71aeccec6b0ce6a67c2620badcc18ee183f312bbfe5f8b846265fbe2cafc285f22bcc37e1ca34d4
-
SSDEEP
12288:USJX5r6gNgQWElQsO+c/CfPmX5X8Sgh2VWaL4W47S6kXF/XdVRDH:N7W4KmPmXN8BhJ7pkXF/XdVR
Malware Config
Targets
-
-
Target
fc0184826211226a22371269ac7d84c7daece33c494d3ab8a5a4f5b8e662257f
-
Size
630KB
-
MD5
11ef732299c5f5b981d3d0c2678a5058
-
SHA1
81a9d9dfc15ca303daf96c26a20a8857913cb75c
-
SHA256
fc0184826211226a22371269ac7d84c7daece33c494d3ab8a5a4f5b8e662257f
-
SHA512
6d26b20cb462d1fbb7afece507083db49cd373e99a73ffacf71aeccec6b0ce6a67c2620badcc18ee183f312bbfe5f8b846265fbe2cafc285f22bcc37e1ca34d4
-
SSDEEP
12288:USJX5r6gNgQWElQsO+c/CfPmX5X8Sgh2VWaL4W47S6kXF/XdVRDH:N7W4KmPmXN8BhJ7pkXF/XdVR
Score9/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-