General
Target: 9fb859a95ba98f64dcb346de7e5beb1cf2af4d0cb7973bfe34c4ec2d1eab127f
Size: 444KB
Sample: 221125-vqdb4afc5w
MD5: 89f0d679e40c77784e9fabd0b3e457cd
SHA1: 0d7c67f88bcef027235079d392bad432c8821b73
SHA256: 9fb859a95ba98f64dcb346de7e5beb1cf2af4d0cb7973bfe34c4ec2d1eab127f
SHA512: 95ea7ee482d32c7b174e51f7733e8db60bf25ff6e85f1ea226f618032d8adb9547daeb1b0fb5e3f80b5680f1f3fc0f79b35b7fc67c893af6f3c32a191daf7206
SSDEEP: 12288:d3IotQx/nlZNnBanOgu2JHPtjyMlbyyE30Xac2uAn:d3Io+x/nlZNBanO03jyMER3W12uAn
Static task: static1
Behavioral task: behavioral1
Sample: 9fb859a95ba98f64dcb346de7e5beb1cf2af4d0cb7973bfe34c4ec2d1eab127f.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 9fb859a95ba98f64dcb346de7e5beb1cf2af4d0cb7973bfe34c4ec2d1eab127f
Score: 9/10
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- Nirsoft
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext