General
Target: fc4d2e011c552385fa61eb398015fcac3a5131321c5049be8c02493967dcd89c
Size: 524KB
Sample: 221125-npd4nsdg65
MD5: 8a856f4f1e3353cadcb0203f90af8107
SHA1: d7eecc93c520134d067117f6b4a508d9cbf5e881
SHA256: fc4d2e011c552385fa61eb398015fcac3a5131321c5049be8c02493967dcd89c
SHA512: 330b30a9da0a5034ff9271a90b7716a6d9d9121fc283a49b415e1b7a494a7afeba6e4aa31dc7d8207c1d692f6cbf64cb49fd273ef8b1fc043057d4ad14840a66
SSDEEP: 12288:14Q/riw/ULolvsVtjTETYzfuVSYcDD4MMMMMMMMMMMMMMMMMMqHMMMMMMMMMMMMi:1RHU8OJzfu4YCD4MMMMMMMMMMMMMMMMr
Static task: static1
Behavioral task: behavioral1
  Sample: fc4d2e011c552385fa61eb398015fcac3a5131321c5049be8c02493967dcd89c.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: fc4d2e011c552385fa61eb398015fcac3a5131321c5049be8c02493967dcd89c.exe
  Resource: win10v2004-20220901-en
Malware Config
Targets
Target: fc4d2e011c552385fa61eb398015fcac3a5131321c5049be8c02493967dcd89c (524KB; hashes as listed under General)
Signatures
- NirSoft MailPassView: password recovery tool for various email clients.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers.
- Nirsoft: tag for the bundled NirSoft password recovery utilities listed above.
- Executes dropped EXE: runs an executable that the sample itself wrote to disk during analysis.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk during analysis.
- Uses the VBS compiler for execution: spawns vbc.exe, the .NET Visual Basic compiler, a signed Microsoft binary that loaders commonly use as the host process for injected code.
- Accesses Microsoft Outlook accounts: reads the registry keys holding Outlook account profiles, consistent with the bundled MailPassView component.
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: rewrites the register context of a thread in another process, typically the final step of process hollowing once the target's memory has been replaced.
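To turn the signature list above into something a detection engineer can test, here is an added Python example. It is not part of the Triage report and not Triage's own detection logic; it encodes the reported behaviors as rules over a chronological, EDR-style event stream. The event schema, the file paths, the hostnames and the list of IP-lookup services are assumptions chosen for illustration, and the timeline at the bottom is constructed, not data from the report.

```python
"""Detection rules modelled on the behavioral signatures in the report.

Added example, not part of the Triage report and not Triage's own detection
logic. The event schema, file paths, hostnames and the IP-lookup host list
below are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# Public external-IP lookup services (assumption: short illustrative list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com",
    "icanhazip.com", "ipinfo.io", "api.ip.sb",
}

# Registry locations behind the persistence, geofence and Outlook signatures.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\[0-9.]+\\Outlook\\Profiles\\", re.I)

# Parents that legitimately spawn the VB.NET compiler; anything else is suspicious.
LEGIT_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


def basename(path):
    """Last path component, lower-cased, for case-insensitive image matching."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Run the rules over a chronological event list.

    Every event is a dict with a "type" and the fields shown here:
      file_write : path            (the sample wrote a file)
      process    : image, parent   (process creation)
      load_image : image, path     (a process loaded a DLL)
      reg_set    : key, data       (registry value written; key includes value name)
      reg_read   : key             (registry value read)
      dns        : host            (name lookup)
    Returns {signature name: [evidence strings]} for every rule that fired.
    """
    hits = defaultdict(list)
    dropped = set()  # paths the sample wrote, kept for the "dropped" rules
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process":
            image = ev["image"]
            if image.lower() in dropped and image.lower().endswith(".exe"):
                hits["Executes dropped EXE"].append(image)
            if basename(image) == "vbc.exe" and basename(ev["parent"]) not in LEGIT_VBC_PARENTS:
                hits["Uses the VBS compiler for execution"].append(f"{ev['parent']} -> {image}")
        elif kind == "load_image":
            if ev["path"].lower() in dropped and ev["path"].lower().endswith(".dll"):
                hits["Loads dropped DLL"].append(f"{ev['image']} loads {ev['path']}")
        elif kind == "reg_set":
            if RUN_KEY_RE.search(ev["key"]):
                hits["Adds Run key to start application"].append(f"{ev['key']} = {ev['data']}")
        elif kind == "reg_read":
            if GEO_NATION_RE.search(ev["key"]):
                hits["Checks computer location settings"].append(ev["key"])
            if OUTLOOK_PROFILE_RE.search(ev["key"]):
                hits["Accesses Microsoft Outlook accounts"].append(ev["key"])
        elif kind == "dns":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(ev["host"])
    return dict(hits)


# Constructed timeline in the schema above (placeholder names, not report data).
DROP_DIR = r"C:\Users\user\AppData\Roaming\update"
SAMPLE_EVENTS = [
    {"type": "reg_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "path": DROP_DIR + r"\helper.dll"},
    {"type": "file_write", "path": DROP_DIR + r"\updater.exe"},
    {"type": "process", "image": DROP_DIR + r"\updater.exe",
     "parent": r"C:\Users\user\Desktop\sample.exe"},
    {"type": "load_image", "image": DROP_DIR + r"\updater.exe",
     "path": DROP_DIR + r"\helper.dll"},
    {"type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "data": DROP_DIR + r"\updater.exe"},
    {"type": "process",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": DROP_DIR + r"\updater.exe"},
    {"type": "reg_read",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "dns", "host": "api.ipify.org"},
    # Benign control: vbc.exe launched by a build tool must not fire the rule.
    {"type": "process",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Program Files\Microsoft Visual Studio\MSBuild\Current\Bin\MSBuild.exe"},
]

if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for line in evidence:
            print("   ", line)
```

In a real deployment the file_write, process, load_image, reg_set and dns events map onto Sysmon event IDs 11, 1, 7, 13 and 22; registry reads (the geofence and Outlook rules) are not logged by Sysmon and are only visible in a sandbox API trace or through hooking, which is also why the SetThreadContext signature has no rule here. The NirSoft tool tags are likewise a static match on the dropped components rather than a behavioral rule.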