General
-
Target
545778886ec6aacd7a33e1865c938ca43ebe4be2d7169f2a91fc030be7141823
-
Size
562KB
-
Sample
221127-rbjc1sce55
-
MD5
f886c38a35b5b55226ee4160baf51f43
-
SHA1
36c3a0571a2123f71ad168501857de60790041b7
-
SHA256
545778886ec6aacd7a33e1865c938ca43ebe4be2d7169f2a91fc030be7141823
-
SHA512
904c7a5deb27d25db399b1724f01a9f3cc5665e994bf3cccc93dd496693264da64f10f2f1e6e92aac847089495228ff6401948bf05199c70c322966a84073b6b
-
SSDEEP
12288:zmOGmPQkxEB95xE3JWsJIoDSKPVpzNKwP/6XFh61CUnIfm5f03:zmxmPQ55x9KdpzNNPiVvUIp
Static task
static1
Behavioral task
behavioral1
Sample
545778886ec6aacd7a33e1865c938ca43ebe4be2d7169f2a91fc030be7141823.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
545778886ec6aacd7a33e1865c938ca43ebe4be2d7169f2a91fc030be7141823
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-