General
-
Target
fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449
-
Size
456KB
-
Sample
221127-rd5zsscf85
-
MD5
60a530875273e57da23228d1b79462f0
-
SHA1
61efdbbf45cbfb807ba027d83df52d320d845645
-
SHA256
fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449
-
SHA512
198fed455daaa7d18373b1c7d8863a7614d6e54722e5371f78fa6c88371e7d33f34d05d1f7837b48d67ae167c651f473916a578c7b68c5a7a4278821ad9d0a9a
-
SSDEEP
12288:qLad6V2iV2JPbiewHFNXHKt9R5hSdCc8ULh4s4zjag/E:Cad6V2iV2JPJwfHKtD5h3EB43F/E
Static task
static1
Behavioral task
behavioral1
Sample
fbc180d50a614aef896f0808f1a840997d108ba7d08a8ef24df7d67da7875449.exe
Resource
win7-20220901-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-