General
-
Target
2c62d991fc6be811acae1abb5c4f7a917c903e1b224d1f37ddf2f622ab0c33f4
-
Size
1.1MB
-
Sample
221126-srns4sdd49
-
MD5
ba3cc56d2789e98e6ec31a5d3a455dc9
-
SHA1
598a791b139482c0dfe5b82efce49ab33e45937e
-
SHA256
2c62d991fc6be811acae1abb5c4f7a917c903e1b224d1f37ddf2f622ab0c33f4
-
SHA512
f4cd0461956a3dce719f5f683a214ab1ef9c88537073810b3afa9ad21c9df7cb61df44869c486ac53c5c9a61ad30764737b4e30a7fcc5f97e208572b6b6f93e4
-
SSDEEP
24576:/L/VPEY9IouAH3TDnIODApL76fjpDxuGhQHJEocBRBkPU7:DVPEKIQDDnIOs576pDxuG+pE5XWw
Static task
static1
Behavioral task
behavioral1
Sample
2c62d991fc6be811acae1abb5c4f7a917c903e1b224d1f37ddf2f622ab0c33f4.exe
Resource
win7-20220812-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-