General
-
Target
14aecd45fb908687ddedf6aa14424e3a8428e7ef1c7e28cb25291507d2b0f931
-
Size
596KB
-
Sample
221127-qm4mnaah36
-
MD5
8b9cea8590ed25966ec2c45f9d923a46
-
SHA1
9ef5ae95749239e4f3eaf142a3ff0b8eed291320
-
SHA256
14aecd45fb908687ddedf6aa14424e3a8428e7ef1c7e28cb25291507d2b0f931
-
SHA512
bc7cf5cc8d46ed2d5f574f7b633d1fbfe4d65de74f48a5dfa702b323a6719978de80cdb3f78f0c4790ef1793c7e06dc5fe8897b283c0898d0eeb6d662a7111f9
-
SSDEEP
12288:MkIG6J6tqhOb4PvlxNavuBRaNX1T1sAIsKf4lFn9n/eJyrvWFTUWBOAYIe:VIG7qTav08BCf49mJy1W3e
Malware Config
Targets
-
-
Target
14aecd45fb908687ddedf6aa14424e3a8428e7ef1c7e28cb25291507d2b0f931
-
Size
596KB
-
MD5
8b9cea8590ed25966ec2c45f9d923a46
-
SHA1
9ef5ae95749239e4f3eaf142a3ff0b8eed291320
-
SHA256
14aecd45fb908687ddedf6aa14424e3a8428e7ef1c7e28cb25291507d2b0f931
-
SHA512
bc7cf5cc8d46ed2d5f574f7b633d1fbfe4d65de74f48a5dfa702b323a6719978de80cdb3f78f0c4790ef1793c7e06dc5fe8897b283c0898d0eeb6d662a7111f9
-
SSDEEP
12288:MkIG6J6tqhOb4PvlxNavuBRaNX1T1sAIsKf4lFn9n/eJyrvWFTUWBOAYIe:VIG7qTav08BCf49mJy1W3e
Score10/10-
UAC bypass
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-