General
- Target: ffcab968f30e88d9b7ef76e5122624cdbda44e484b501f34f4f4be7fff25489b
- Size: 1.4MB
- Sample: 221126-ra3p9shc39
- MD5: 329fb1fd25cd861c44a4f4d17fadbceb
- SHA1: a6e64e5d7cf00e3a83fdfa9b0cf3ed165ba0ab2a
- SHA256: ffcab968f30e88d9b7ef76e5122624cdbda44e484b501f34f4f4be7fff25489b
- SHA512: a12e4b6673c1607e05519d0fea1b5947791ab7c9a8dcf70307fd3041320970c81a6d9b965304302dbfba1d1ea96d1b33998520e5c76dd72d19c9301e94dd260c
- SSDEEP: 24576:/U6uhs8w/n3GcRjiSlb29hbhcw6B3V5cTXDCAtRa58muSK/:/ZuhzyWQb29hbWzViTXDLo8muSm
Static task: static1
Behavioral task: behavioral1
- Sample: ffcab968f30e88d9b7ef76e5122624cdbda44e484b501f34f4f4be7fff25489b.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: ffcab968f30e88d9b7ef76e5122624cdbda44e484b501f34f4f4be7fff25489b
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext