General
-
Target
0c62cd3bf48eff217cc88c84c46f2b39f5119015154d533bf02e68fe52582888
-
Size
749KB
-
Sample
221127-t8htvsfh9s
-
MD5
28d7e62d5097e9985dc55de27e76d957
-
SHA1
4d520f83e5edba0fdae977dec793c5f534eef2f0
-
SHA256
0c62cd3bf48eff217cc88c84c46f2b39f5119015154d533bf02e68fe52582888
-
SHA512
0b91ff4339e2aafa3d14626927c9ca40cb2379ce0225d1de661eeaf299351ba47dda88f15cd99d754f05083056d8b2f3f957f7f02e6b666e292b7d9011a95a0a
-
SSDEEP
12288:2oBlcepukALreMwhvM0bvdnI/oMtaFlPSrPYa3Hql5lz3mV9oUq5gX9l3wck+zP1:HrdALr9whvnv0iS0sHMXqoUiA9I1Tbu
Static task
static1
Behavioral task
behavioral1
Sample
0c62cd3bf48eff217cc88c84c46f2b39f5119015154d533bf02e68fe52582888.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0c62cd3bf48eff217cc88c84c46f2b39f5119015154d533bf02e68fe52582888.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
0c62cd3bf48eff217cc88c84c46f2b39f5119015154d533bf02e68fe52582888
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
NirSoft
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext