General
- Target: 5b082129d1691fbd9091828a53a0f57cab828db38c26441c6ddbba8aef09fc90
- Size: 456KB
- Sample: 221127-q4fl6aca35
- MD5: e7f3e9665891f8a4d337d11b39d12611
- SHA1: b7b2d85d0454a03cfcdc4ca03f173ca9c9f21e80
- SHA256: 5b082129d1691fbd9091828a53a0f57cab828db38c26441c6ddbba8aef09fc90
- SHA512: fb374bf5128c1bf3971dc3a32533b9e00e659276fee10c73bac307fd44585d2a8d67e49ff16c11a2e35979edecf908b3792f38fdab4ac915e3897920bde7b0f2
- SSDEEP: 12288:HAgyzVfZWhdnTbl03Tp3aDrDZOUug6ge:HAgiYLvWd3qFOFgN
Static task: static1
Behavioral task: behavioral1
- Sample: 5b082129d1691fbd9091828a53a0f57cab828db38c26441c6ddbba8aef09fc90.exe
- Resource: win7-20221111-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext