General
-
Target
a4fd243d6c43dd0e8d3b540c201c42e84b55adbce47ae985649a97390ab61f7d
-
Size
452KB
-
Sample
221127-qrvwbaeg3z
-
MD5
b786486d734bcc79b4a528aafc2b99c5
-
SHA1
c03cf0d389378b393799e0867137d89c03ef829e
-
SHA256
a4fd243d6c43dd0e8d3b540c201c42e84b55adbce47ae985649a97390ab61f7d
-
SHA512
5a18f5743c0411737c502a65f9de990a819e391d8f3958451b0106d9be41633cbe2782c36ff39dc41aa6c1e35997590f1d11200e3a6d1ea5e7b4b3719cc54043
-
SSDEEP
12288:sCcal9ywQFOCgP6GHW3JVVReJTu/hgMOGepdK:sCfAwQHGHW3JLcueMOf/
Static task
static1
Behavioral task
behavioral1
Sample
a4fd243d6c43dd0e8d3b540c201c42e84b55adbce47ae985649a97390ab61f7d.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
a4fd243d6c43dd0e8d3b540c201c42e84b55adbce47ae985649a97390ab61f7d
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-