General
- Target: e73fc8664d068d15d3950b832c8541758ae03d6eb25bf89fa9a9be156350e7ed
- Size: 1.4MB
- Sample: 221127-r26k8sed52
- MD5: e4d1ebe5cb4a84b45f82a8b5801ca291
- SHA1: 9235a361d30f682911d653c5708bd11f4618b368
- SHA256: e73fc8664d068d15d3950b832c8541758ae03d6eb25bf89fa9a9be156350e7ed
- SHA512: 5b6423664c69bcb94fe2f5b8d6e8574ca2c2959bdb6512c14d35324d2326311d7473b6a86823f7de6ec1d2d5b701951513f258918daeb393021c1d5acbf020f2
- SSDEEP: 12288:+ERb53L7jLPsHfoxY5JBNVQ6QL5fDgA1FsHFGjzSU7ucK0rxEwYN6u04XX4ZSBrY:vLPkPvS3uGkQxEwYzTVFsfyU97GYxOo
Static task: static1
Behavioral task: behavioral1
- Sample: e73fc8664d068d15d3950b832c8541758ae03d6eb25bf89fa9a9be156350e7ed.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: e73fc8664d068d15d3950b832c8541758ae03d6eb25bf89fa9a9be156350e7ed
- Size: 1.4MB
- MD5: e4d1ebe5cb4a84b45f82a8b5801ca291
- SHA1: 9235a361d30f682911d653c5708bd11f4618b368
- SHA256: e73fc8664d068d15d3950b832c8541758ae03d6eb25bf89fa9a9be156350e7ed
- SHA512: 5b6423664c69bcb94fe2f5b8d6e8574ca2c2959bdb6512c14d35324d2326311d7473b6a86823f7de6ec1d2d5b701951513f258918daeb393021c1d5acbf020f2
- SSDEEP: 12288:+ERb53L7jLPsHfoxY5JBNVQ6QL5fDgA1FsHFGjzSU7ucK0rxEwYN6u04XX4ZSBrY:vLPkPvS3uGkQxEwYzTVFsfyU97GYxOo
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext