General
Target: f6a425454fa9c668f5bfabc52d505b267a0efbd36149e92dab8d9b4ae1035e17
Size: 552KB
Sample: 221127-lqn9xsbh9s
MD5: 72e2760bbb11ff9a84fe8a20bf7744e7
SHA1: 7ca4427aa83f2edc11c015d9e57638b90752d5c4
SHA256: f6a425454fa9c668f5bfabc52d505b267a0efbd36149e92dab8d9b4ae1035e17
SHA512: 9c303d9a5fce18cbb6369182807cdee0d7c639e376368cdd5bdef4445ae703145c7c10f3bdadc36e1fc34f4feea26a6f421c090be98cb398ebeaff95fe516954
SSDEEP: 12288:SLffrhDZGejICryEyZn0KF6HBCrCROICFxpF8/afv0DNzp1kIktZakN:qT1I30KF6HBCOOnxpF8Cfv09p1kIktZJ
Static task: static1
Behavioral task: behavioral1
Sample: f6a425454fa9c668f5bfabc52d505b267a0efbd36149e92dab8d9b4ae1035e17.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: f6a425454fa9c668f5bfabc52d505b267a0efbd36149e92dab8d9b4ae1035e17 (single target; identifiers are the same as in the General section above)
Size: 552KB
Signatures
NirSoft MailPassView: password recovery tool for various email clients, detected inside the sample.
NirSoft WebBrowserPassView: password recovery tool for various web browsers, detected inside the sample.
Nirsoft: family tag grouping the two NirSoft credential-recovery detections above; these tools are legitimate but are routinely repackaged by stealers to harvest saved credentials.
Executes dropped EXE: the sample writes a second executable to disk and runs it.
Checks computer location settings: looks up the country code configured in the registry, which is most likely a geofence (the sample can decide whether to proceed based on the victim's configured region).
Loads dropped DLL: a DLL written by the sample during execution is loaded into a process.
Uses the VBS compiler for execution: launches the Visual Basic .NET compiler (vbc.exe), a signed Microsoft binary, as a child process. A compiler started by an unknown executable in a user-writable directory is unusual outside developer tooling and is a common choice of host process for injected code.
Accesses Microsoft Outlook accounts: reads the registry locations where Outlook account settings and credentials are stored, consistent with the MailPassView detection.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, typically to report the victim's public address to the operator.
Suspicious use of SetThreadContext: setting the context of a thread in another process is the primitive used to redirect a suspended process's thread to injected code (process hollowing). Taken together with the vbc.exe launch above, this is consistent with the compiler process being used as the injection host; the network and credential-access activity should be attributed to that child, not only to the original executable.
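To turn the listed behaviours into something that can be re-checked against host telemetry, the following Python script is an added example (it is not part of the report and not the sandbox's own detection logic). It re-implements four of the signatures above as detections over a constructed Sysmon/sandbox-style event stream, links the vbc.exe launch to the SetThreadContext call to name the probable injection host, and checks whether a local file carries the hashes the report lists. The registry key, the list of IP-lookup hostnames, the benign vbc.exe parent list and every event are assumptions made for illustration; the hashes are copied from the report.

```python
"""Re-check the report's behavioural signatures against host telemetry.

Added example: the events below are constructed, not taken from the report,
and the registry key, lookup hosts and benign-parent list are assumptions.
"""
import hashlib

# Hashes exactly as listed in the report, used to confirm a local file is the same sample.
REPORT_HASHES = {
    "md5": "72e2760bbb11ff9a84fe8a20bf7744e7",
    "sha1": "7ca4427aa83f2edc11c015d9e57638b90752d5c4",
    "sha256": "f6a425454fa9c668f5bfabc52d505b267a0efbd36149e92dab8d9b4ae1035e17",
}

# Assumption: the configured country code this signature refers to lives under this key.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
# Assumption: a short list of legitimate "what is my IP" services; extend from real telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
# Assumption: parents for which a vbc.exe child is expected (developer tooling).
BENIGN_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}

DROPPER = r"C:\Users\victim\AppData\Local\Temp\f6a425454fa9c668f5bfabc52d505b267a0efbd36149e92dab8d9b4ae1035e17.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Constructed events: process starts, a registry read, an API call from a sandbox trace, network.
EVENTS = [
    {"kind": "process", "pid": 1001, "image": DROPPER, "parent_image": r"C:\Windows\explorer.exe"},
    {"kind": "registry", "pid": 1001, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "process", "pid": 1002, "image": VBC, "parent_image": DROPPER},
    {"kind": "api", "pid": 1001, "name": "SetThreadContext", "target_pid": 1002},
    {"kind": "network", "pid": 1002, "host": "api.ipify.org", "port": 443},
    # Benign noise: a real build spawning vbc.exe, which must not be flagged.
    {"kind": "process", "pid": 1003, "image": VBC, "parent_image": r"C:\Program Files\dotnet\dotnet.exe"},
    {"kind": "network", "pid": 1003, "host": "api.nuget.org", "port": 443},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_vbc_execution(events):
    """'Uses the VBS compiler for execution': vbc.exe started by something that is not dev tooling."""
    return [e["pid"] for e in events
            if e["kind"] == "process" and basename(e["image"]) == "vbc.exe"
            and basename(e["parent_image"]) not in BENIGN_VBC_PARENTS]


def detect_geofence_lookup(events):
    """'Checks computer location settings': a read of the configured country code."""
    return [e["pid"] for e in events
            if e["kind"] == "registry" and e["path"].lower().endswith(GEO_KEY_SUFFIX)]


def detect_external_ip_lookup(events):
    """'Looks up external IP address via web service': a connection to a known IP-echo host."""
    return [(e["pid"], e["host"]) for e in events
            if e["kind"] == "network" and e["host"].lower() in IP_LOOKUP_HOSTS]


def detect_cross_process_setthreadcontext(events):
    """'Suspicious use of SetThreadContext': a process redirecting a thread in another process."""
    return [(e["pid"], e["target_pid"]) for e in events
            if e["kind"] == "api" and e["name"] == "SetThreadContext" and e["target_pid"] != e["pid"]]


def injection_hosts(events):
    """Link the signatures: PIDs that were both spawned as vbc.exe and targeted by SetThreadContext."""
    vbc = set(detect_vbc_execution(events))
    return sorted(t for _, t in detect_cross_process_setthreadcontext(events) if t in vbc)


def triage(events):
    """Map each report signature to the evidence found in the event stream."""
    return {
        "Uses the VBS compiler for execution": detect_vbc_execution(events),
        "Checks computer location settings": detect_geofence_lookup(events),
        "Looks up external IP address via web service": detect_external_ip_lookup(events),
        "Suspicious use of SetThreadContext": detect_cross_process_setthreadcontext(events),
        "Probable injection host (vbc.exe + SetThreadContext)": injection_hosts(events),
    }


def matches_report(data):
    """True only if every hash listed in the report matches the supplied bytes."""
    return all(hashlib.new(alg, data).hexdigest() == digest for alg, digest in REPORT_HASHES.items())


if __name__ == "__main__":
    for signature, evidence in triage(EVENTS).items():
        print(f"{signature}: {evidence}")
    # Stand-in bytes, so this prints False; pass the real file's contents to confirm a match.
    print("hashes match report:", matches_report(b"constructed stand-in bytes, not the sample"))
```

The benign dotnet.exe build in the constructed events is there deliberately: a vbc.exe launch on its own is not evidence, and the parent check is what keeps the detection from firing on developer machines. The injection-host join is the useful output for incident response, since the credential access and the IP lookup in this report are the kind of activity that ends up attributed to the signed compiler process rather than to the dropped executable.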