General
- Target: 72514d30ecd4fcc03880b4fb41c0055a998289ec3908fa1ed009b734560718ee
- Size: 439KB
- Sample: 221126-ld4h3sbb9t
- MD5: a0703387e77f63794fcb8dc26b2b2b1d
- SHA1: 5378b845ee8aaafc49ea5a1b0b9ed515018e5df6
- SHA256: 72514d30ecd4fcc03880b4fb41c0055a998289ec3908fa1ed009b734560718ee
- SHA512: 7d7bfae56ed24a22ce9a57264b1265100c7747dd471d176f55ae17b851fa0d34485d588d7270fdcbbe94ea71008b194a5e054e1a54fc9ab088aa604af5ca8ec0
- SSDEEP: 6144:waL+tQE186ETQJ7YXdCQv7bo1gZImSdMSy2AQWX9K3NhxERZU+BqH/jfy8E1QhZH:wDPEU7YsSdSd1y2YM3Nh/6S7aaZ/2e
Static task: static1
Behavioral task: behavioral1
- Sample: 72514d30ecd4fcc03880b4fb41c0055a998289ec3908fa1ed009b734560718ee.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 72514d30ecd4fcc03880b4fb41c0055a998289ec3908fa1ed009b734560718ee.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 72514d30ecd4fcc03880b4fb41c0055a998289ec3908fa1ed009b734560718ee
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext