General
Target: 2daabbbfe95fdbffeac7755ef312bdb8b7c168860e347f6684c9080c691b9d46
Size: 576KB
Sample: 221126-17s2rsch6s
MD5: 4fbf3ef1ae2a1e7a4ac62217833fd135
SHA1: b1e95acd1d6c5ece5009aad16e200391f04e371b
SHA256: 2daabbbfe95fdbffeac7755ef312bdb8b7c168860e347f6684c9080c691b9d46
SHA512: becba007222b52fdb566697ad1ed39ba7bd0f1c6e755dada5a9b2acbe1dd87ef604d43cf07e5d5d1ffa223924a41c87f4c69eb56ed5bfa1e5c993bdd52a361a1
SSDEEP: 12288:ekNCadTPVIIZKT4sqqdwGePz+4gXG5Y9Jb/tBLMNn/9IUTUwSBDuC:DpF2hT4jz+4oUY9JRBLCVfIHBy
Static task: static1
Behavioral task: behavioral1
  Sample: 2daabbbfe95fdbffeac7755ef312bdb8b7c168860e347f6684c9080c691b9d46.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2daabbbfe95fdbffeac7755ef312bdb8b7c168860e347f6684c9080c691b9d46.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext