General
Target: 49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437
Size: 456KB
Sample: 221127-pye8rscf7y
MD5: 33865ce1bb2def0bae6e25875c27194c
SHA1: 7aebab76b6699a0217522be62202c60dc57c5887
SHA256: 49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437
SHA512: 2da4e9392afd62e5193f5633bb6576e4748f5b8b27d4d7eb8f185877d951d1972a16126b4c18b8bb8446e6135a07839961c93f61f036dfa6d40d5a990e570764
SSDEEP: 12288:+7yDod16Vgxsv4QxPmOPtV2Wjj+3NJhawi44k:ng5QQatV2k69JhSy
Static task: static1
Behavioral task: behavioral1
Sample: 49618f65d2b6e8ce65bf197dcaaf5cdd0a0fd3244ff395daa0b372ab2e2d7437.exe
Resource: win7-20221111-en
Malware Config
Targets
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext