General
Target: 6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179
Size: 451KB
Sample: 221127-gcwpmagf2t
MD5: fe14b7552e26f8977d9b0cb423f89272
SHA1: a64f07f43ba5d24d25e424f857e396aa3c0b48ab
SHA256: 6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179
SHA512: 4af7b4bd6869ebdc66d297fe3d653d0f333b74ababe14a3cec345838803c8fe6a56e041ee2c9e3c2c935fe0d3ca736b46b8b930eab00d6352aad9f36bc293aab
SSDEEP: 6144:puEEKwccv6H4+Ld2Y7sIEUmlpki3zF0wUw7BHBfD8b76Bbjnz+9Gs+mxKtZS:p9KcciJhowm0i3z2wFHBfI4bTzQYp

Static task: static1

Behavioral task: behavioral1
  Sample: 6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
  Resource: win10v2004-20221111-en

Malware Config

Targets
Target: 6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179
Size: 451KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP hashes are identical to those listed under General.)
Signatures:
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext