General
-
Target
6c1a827ebaa402690aeba7560ebd5eed16e7d9b498d3200ac8acc32a71108149
-
Size
452KB
-
Sample
221127-pvah4scd4x
-
MD5
13d4b6780a7f0503a4659cb3a464588f
-
SHA1
706cfec612280f8866fe7605665963daee3969d3
-
SHA256
6c1a827ebaa402690aeba7560ebd5eed16e7d9b498d3200ac8acc32a71108149
-
SHA512
a27b00dfc4a3542b28cbc13f7b1acfcf2e5d9c4d5332cf8b8863a4f23a0f7173c5acde063b3019a7347feab31355ea053ce334a86a1e6a985638f25b16aad728
-
SSDEEP
12288:ZcLUcA7guU1KhwRm9J1ByQm94yX+lzcRvTz6lvNn7jp4:ZcYkj0hrJrm91OlWvngvJj
Static task
static1
Behavioral task
behavioral1
Sample
6c1a827ebaa402690aeba7560ebd5eed16e7d9b498d3200ac8acc32a71108149.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6c1a827ebaa402690aeba7560ebd5eed16e7d9b498d3200ac8acc32a71108149.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-