General
- Target: e88277164def6f447b033bd93e3f3279518182a538a7ed377af3aba8b30cc4bc
- Size: 1.4MB
- Sample: 221126-kjzxeafa64
- MD5: 4cb53d176ff7bcbd128442aae02a099a
- SHA1: f36482b9a29ee5e0d200ba2e3243f2b6ff89a635
- SHA256: e88277164def6f447b033bd93e3f3279518182a538a7ed377af3aba8b30cc4bc
- SHA512: 2b86d268176dd5d4597a4d2141570f3736b4bd2ef767ec6da5af392627704c8b99cd1975d017d39af2b99bc048a82f68068e9fdccc9236ec27d9f1eec0299bad
- SSDEEP: 24576:CiA6O+E+25Zq4qCN3yQtEOzFxa1LBUYrFgzxzFSO2KDAXiW6BlDv:Lrgqc5tza8P0TKP
Static task: static1
Behavioral task: behavioral1
- Sample: e88277164def6f447b033bd93e3f3279518182a538a7ed377af3aba8b30cc4bc.exe
- Resource: win7-20221111-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext