General
- Target: 1c72ce753e2d192bd29af531ab2e43e28db2df5a7cd7114ff1721dedc6777c31
- Size: 457KB
- Sample: 221126-zlfzmsge2z
- MD5: cb93f18940edf95168a71629911a82c6
- SHA1: b1bbb8b4e6a5b06a36f106607355995c505d9aab
- SHA256: 1c72ce753e2d192bd29af531ab2e43e28db2df5a7cd7114ff1721dedc6777c31
- SHA512: 1ab8cc734efdf242d71039627821979bc8e473a17816f88a872446d4bbfaa7650b70f9dc48554b4737f8090b28c99e9e0dad0978aea5839a0843c77d22277f3c
- SSDEEP: 12288:aCmrZq+aXdldVhi0ARQC8u4UmrC8MbAKILVmAtfT3u/U3:aCBVlon8uQrpNL8kIs
Static task
- static1
Behavioral task
- behavioral1
  Sample: 1c72ce753e2d192bd29af531ab2e43e28db2df5a7cd7114ff1721dedc6777c31.exe
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: 1c72ce753e2d192bd29af531ab2e43e28db2df5a7cd7114ff1721dedc6777c31.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext