General
- Target: cda33b46660f1642dcfb418bbc456fd4ddc0bf8fd9282db6a1ec70740c4a1976
- Size: 600KB
- Sample: 221126-rtbe5aaf34
- MD5: f0eba722ddeaa6c8c90f9a6f8f1aaedd
- SHA1: 61243c8fd4f6c7d7a1c18af45229446c066ba2c1
- SHA256: cda33b46660f1642dcfb418bbc456fd4ddc0bf8fd9282db6a1ec70740c4a1976
- SHA512: ed5aa8b0f37c2fd2bd18cf54be78a69f9a4eccefa2f893ab656a775fbef4ede6c2f19e625510ec0fec9191c211c7e116297125525c9d29e6651281b8b0d59c99
- SSDEEP: 12288:xqSPym/Umw6RfKs04nyxflmHmz9Ni5iP6aEsZ3l6oru4eoUwHSmNV:8m/XZ0+y1lmHmZNb6Mru4Eu
Static task: static1
Behavioral task: behavioral1
- Sample: cda33b46660f1642dcfb418bbc456fd4ddc0bf8fd9282db6a1ec70740c4a1976.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: cda33b46660f1642dcfb418bbc456fd4ddc0bf8fd9282db6a1ec70740c4a1976.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: cda33b46660f1642dcfb418bbc456fd4ddc0bf8fd9282db6a1ec70740c4a1976
- Size: 600KB
- Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext