General
-
Target
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
Size
1.0MB
-
Sample
221126-sl63hada29
-
MD5
acd430684ecc9c6278874183ca40a133
-
SHA1
b7fa9d0383a64e5a3c18a66fa3ef4d349d60fbb2
-
SHA256
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
SHA512
301ab23e0989cdd42418d1a5f215ced23a54437d15d8fb6adbaf25edebdbca5ead5ce30a19b5eddba7c63ed07007d946050b830d6c293384d096de718b5c6d8c
-
SSDEEP
12288:Xu460DZby5vzCrdIxM0VVaCWg5ctGnw1uia4goH71NvQZoXYE/WRs4haBVtL8skS:e460EzVMoaXgFw0ia4goHRos4olL8VO
Static task
static1
Behavioral task
behavioral1
Sample
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
Size
1.0MB
-
MD5
acd430684ecc9c6278874183ca40a133
-
SHA1
b7fa9d0383a64e5a3c18a66fa3ef4d349d60fbb2
-
SHA256
1c991ad9e6a09ebde65d749f78a4a73890bf26780891410ca8a07b1dab841ab9
-
SHA512
301ab23e0989cdd42418d1a5f215ced23a54437d15d8fb6adbaf25edebdbca5ead5ce30a19b5eddba7c63ed07007d946050b830d6c293384d096de718b5c6d8c
-
SSDEEP
12288:Xu460DZby5vzCrdIxM0VVaCWg5ctGnw1uia4goH71NvQZoXYE/WRs4haBVtL8skS:e460EzVMoaXgFw0ia4goHRos4olL8VO
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-