General
-
Target
39513bfb1b10da26d0383df5890d262217edf8a5f8777b690c96f16d878020d9
-
Size
452KB
-
Sample
221127-r9p88aaf51
-
MD5
1374dc764d10e24b934610085945a98f
-
SHA1
62f751b2c7c18fcb5efd3f1efc4bca73cc10b61d
-
SHA256
39513bfb1b10da26d0383df5890d262217edf8a5f8777b690c96f16d878020d9
-
SHA512
f199e6b2883fc63b21bb30e66d7737c716d75c4e25524f04f4b6d31ff8aabcd74f4c0b89b975d61ada1800a9ee4873f121d2e8896a0cb02d4b565d15a946f05b
-
SSDEEP
6144:TeKdaA5nDBc0z+JCsl7iJE03tagJbZeW+wchzqXlD+cP07Nk0vYUgBc2DSyOXYVW:T7k0isIMEKtrR6h+XwMcNk2YnS
Static task
static1
Behavioral task
behavioral1
Sample
39513bfb1b10da26d0383df5890d262217edf8a5f8777b690c96f16d878020d9.exe
Resource
win7-20220901-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-