General
-
Target
b2439c65663c06884cba034f28714a817402e8024319965aa02fb11a3ead87e0
-
Size
456KB
-
Sample
221127-rcs9lsgd3z
-
MD5
554324dd4a233c2837945b904bf4b5e4
-
SHA1
6a64fbd01d8b65263e926fc3f7e1c46666d7dbf8
-
SHA256
b2439c65663c06884cba034f28714a817402e8024319965aa02fb11a3ead87e0
-
SHA512
3825e577516dee17293a28bbc3e99f192771aa06a9467df81be52c74c8d2513ef89217c1c7a8ebf71ae6137a9439ff76e7eeec653b29ed7d8a345a9a5d988f35
-
SSDEEP
12288:3gxv4WeGKZKq2QRqPw4pBp4ww1+V6mbAXmFgF:AvyDd2QRV4pMww8V6mcXig
Static task
static1
Behavioral task
behavioral1
Sample
b2439c65663c06884cba034f28714a817402e8024319965aa02fb11a3ead87e0.exe
Resource
win7-20220812-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-