General
- Target: ed12701af2d1d20e50fb7a19092f722c97681fbd1305f977c3e7500426727d9e
- Size: 1.5MB
- Sample: 221127-jqyggsee71
- MD5: 27bdf6ab411093838c4f56d6927777d5
- SHA1: 1e1ba289d4cdb436d7981f04649425b0187061e4
- SHA256: ed12701af2d1d20e50fb7a19092f722c97681fbd1305f977c3e7500426727d9e
- SHA512: ffa52e4b10833a06bf0a06f41d7c8ed803a5a6dd358ba955e9eb212ee9ea0dd7949ef245b79109043068d5817de195316284277385f811a7c796558d8b476997
- SSDEEP: 49152:ikwkn9IMHeaILS1q8uRCWXMx146baPCS:BdnVdVuRCWcw6GPC
Static task: static1
Behavioral task: behavioral1
- Sample: ed12701af2d1d20e50fb7a19092f722c97681fbd1305f977c3e7500426727d9e.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: ed12701af2d1d20e50fb7a19092f722c97681fbd1305f977c3e7500426727d9e
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext