General
-
Target
39a240ec5ed01ed7f5ba29853048a686bbc025ee95ef3d6ed8398adc450f0e5a
-
Size
448KB
-
Sample
221127-rv6bwshf6x
-
MD5
15e5104aa7f2f28b1870143ed824e661
-
SHA1
0d2e7524f86e20414253dc5a49bbdc99a884afeb
-
SHA256
39a240ec5ed01ed7f5ba29853048a686bbc025ee95ef3d6ed8398adc450f0e5a
-
SHA512
63391401aa8079737cd53f27c43ab4d358bc911564e3264276fa7b1d6119f540f7530b7155b7c41f4826e15cd32949123745393e148f04dd32a37723bf021986
-
SSDEEP
12288:K20R6qaxPeLiln2tk9T+1YndHQu1bblA5D7AUmbk:H00eOotk9q1YndPRp8D71mb
Static task
static1
Behavioral task
behavioral1
Sample
39a240ec5ed01ed7f5ba29853048a686bbc025ee95ef3d6ed8398adc450f0e5a.exe
Resource
win7-20220901-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-