General
-
Target
6c8b8c667a462285e9c52d0371b087879c3c93b481e6afc0482ed0cd3797f6dc
-
Size
452KB
-
Sample
221127-pvzs1agg98
-
MD5
43344c56bd5ddc32f2b23e84ca2fedc3
-
SHA1
46ba23be893b83479cfa6781adcd2c9080cad34f
-
SHA256
6c8b8c667a462285e9c52d0371b087879c3c93b481e6afc0482ed0cd3797f6dc
-
SHA512
ef82d1aa1137bc62163ee92e32aaebe85bd044707568530fa6d1540b3baf26ad825df0a6d28e79313a6f49070be21f9f7a6ea901250bde128e26d47df58ebe12
-
SSDEEP
6144:DPd9CRAwDgrPqXkRaz61RHqGTcdzg5KBY1DXiXv6PxJ6F7aAcRbdyDBAFlHj6s45:bnRigrPD1RX++KSJ47ZckAX/U
Static task
static1
Behavioral task
behavioral1
Sample
6c8b8c667a462285e9c52d0371b087879c3c93b481e6afc0482ed0cd3797f6dc.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
6c8b8c667a462285e9c52d0371b087879c3c93b481e6afc0482ed0cd3797f6dc
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-