General
-
Target
1c1cd83c7d8928e0d3280bfd8339a7b4585e76bcc77fe7587e6f24c1d0532ec1
-
Size
643KB
-
Sample
221127-t4bvrafe9t
-
MD5
6d06de19abc311a74c0c4e3610895f34
-
SHA1
1e4a4e8c8d3e0eb0924010241ad21bfa552b327e
-
SHA256
1c1cd83c7d8928e0d3280bfd8339a7b4585e76bcc77fe7587e6f24c1d0532ec1
-
SHA512
a94b78e1c7c426669c1e10ad4b27782480dbab91d88037bba73b017798df7d765ed4dd709adaf5e4288c294c14ff382e98be04ac0f0734a4e590884d4234c5c0
-
SSDEEP
12288:XWDEYAKnZts/gkWrDw07EsHcqzMhCma5fhdPHXE91YIE7pd2FI2DZXYx:QEYAKb+8UaEsHjzMDa5fhhoqX2W2DZXY
Static task
static1
Behavioral task
behavioral1
Sample
1c1cd83c7d8928e0d3280bfd8339a7b4585e76bcc77fe7587e6f24c1d0532ec1.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
1c1cd83c7d8928e0d3280bfd8339a7b4585e76bcc77fe7587e6f24c1d0532ec1
-
Size
643KB
-
MD5
6d06de19abc311a74c0c4e3610895f34
-
SHA1
1e4a4e8c8d3e0eb0924010241ad21bfa552b327e
-
SHA256
1c1cd83c7d8928e0d3280bfd8339a7b4585e76bcc77fe7587e6f24c1d0532ec1
-
SHA512
a94b78e1c7c426669c1e10ad4b27782480dbab91d88037bba73b017798df7d765ed4dd709adaf5e4288c294c14ff382e98be04ac0f0734a4e590884d4234c5c0
-
SSDEEP
12288:XWDEYAKnZts/gkWrDw07EsHcqzMhCma5fhdPHXE91YIE7pd2FI2DZXYx:QEYAKb+8UaEsHjzMDa5fhhoqX2W2DZXY
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-