General
-
Target
c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5
-
Size
944KB
-
Sample
221126-w15prshb5t
-
MD5
e2f5479a58ca015e1673f19f70788eb3
-
SHA1
fb810a12599925a8477fb42ba670c759d89d1e32
-
SHA256
c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5
-
SHA512
4c53fcb4e3af1d286cb6a567745f2a8116b9a91ae088cf1dad4e0ed60d39f966fa2d420310f34930375715a159fbdbfefa15d453f51042a3b13138b3e2914819
-
SSDEEP
24576:Ofeyxuu0OMZOrN+x1JjrY12EQbJNWGWHKu7naezlavxD:OfeY0OocHQmKyaj
Static task
static1
Behavioral task
behavioral1
Sample
c1a54e5acfa42f09763d0d9aab8f10882ed660c8451be11c4bfb3bf33963f8e5.exe
Resource
win7-20221111-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-