General
-
Target
8fc39c05dda205918f508befdb98572cb4a164b56b2a3b692a1cbe00ed254b42
-
Size
452KB
-
Sample
221127-rb57sace78
-
MD5
9cc805b970aa48ed338335b0d4da5700
-
SHA1
dcbe3274f26c7272f34b93303556fd0c5309c70a
-
SHA256
8fc39c05dda205918f508befdb98572cb4a164b56b2a3b692a1cbe00ed254b42
-
SHA512
89dadb66290055e99f6db4a262cd48cf7fcd0f30f2d9d67c7330e1adc272a91c2d1cbd352eb70bdf6192ba6157a9db825a50d0e5b9691256592fd6b02714d1f2
-
SSDEEP
12288:gZQ+qYNKE9XJJ608ZazJSoO0WzYdgYKDBCm:gZQwKEMc9FO0Jg
Static task
static1
Behavioral task
behavioral1
Sample
8fc39c05dda205918f508befdb98572cb4a164b56b2a3b692a1cbe00ed254b42.exe
Resource
win7-20221111-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
NirSoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-