General
- Target: 8c5dddaefb9ddd900bd5f4231783c4b14f4af4f456e53f1ae52d2a9e5f77f019
- Size: 1.3MB
- Sample: 221127-sy5p7sgh59
- MD5: b5443ca7d9545d8526324ae29767ce75
- SHA1: b578e2dd25c5126bed7a41e070c7f0df0393dd21
- SHA256: 8c5dddaefb9ddd900bd5f4231783c4b14f4af4f456e53f1ae52d2a9e5f77f019
- SHA512: 171e1f97eafc0f5789666c8ad2218326af477be74bbf8c7ebcc2b4cf851e5bf0c99039d8c3bf16f587574a0a6b2488d498a6fca331d3588c2ed037538d96fc2f
- SSDEEP: 24576:YqQu0RLMFDEjspAv7nHnaYOpdCG/7qUSb3sh7XIfTzzWjU7wSmq:YqQu7FKspI7HaYO+bbb6EhPmq
Static task
- static1
Behavioral task
- behavioral1
- Sample: 8c5dddaefb9ddd900bd5f4231783c4b14f4af4f456e53f1ae52d2a9e5f77f019.exe
- Resource: win7-20220812-en
Behavioral task
- behavioral2
- Sample: 8c5dddaefb9ddd900bd5f4231783c4b14f4af4f456e53f1ae52d2a9e5f77f019.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: 8c5dddaefb9ddd900bd5f4231783c4b14f4af4f456e53f1ae52d2a9e5f77f019
- Size: 1.3MB
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext