General

Target: 4dfb6e970cba6f407f300f7aae1194748b6cf3965f589cb215a93a0158d5351f
Size: 586KB
Sample: 221127-tkdv1aae43
MD5: 4cd1844f73c8ab6346f0fcac06597c96
SHA1: d72b2af26d479a091492f8840da8caf5b192bb2f
SHA256: 4dfb6e970cba6f407f300f7aae1194748b6cf3965f589cb215a93a0158d5351f
SHA512: eb9bd53e79f7b4a9d81bfde011c6959753551b4c2bd3ae6aebea9ea007c098ca6a37fb2be0db9bb98bd28a7cfc4a0654141bd0378ac22c1eae59aa5a3e95d834
SSDEEP: 12288:RlZOn5NPWJAJRBpWHWTGd1Gaibl6TNxN+eo4Nxm/v0GFV:Re5N+JER6XvGaKl6TJV6
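Before acting on the verdict in this report, confirm that the file you hold is the same object it describes. The script below is an added example, not part of the report or the sandbox: it recomputes the four digests listed above with the standard library and reports any that differ. The SSDEEP value is not checked because fuzzy hashing needs the third-party ssdeep package.

```python
"""Verify that a local file matches the digests this report lists.

Added example, not part of the sandbox report. Only hashlib (standard
library) is used; the SSDEEP fuzzy hash is not checked because it needs
the third-party `ssdeep` package.
"""
import hashlib
import sys

# Digests copied from the report's General section.
REPORTED = {
    "md5": "4cd1844f73c8ab6346f0fcac06597c96",
    "sha1": "d72b2af26d479a091492f8840da8caf5b192bb2f",
    "sha256": "4dfb6e970cba6f407f300f7aae1194748b6cf3965f589cb215a93a0158d5351f",
    "sha512": ("eb9bd53e79f7b4a9d81bfde011c6959753551b4c2bd3ae6aebea9ea007c098ca"
               "6a37fb2be0db9bb98bd28a7cfc4a0654141bd0378ac22c1eae59aa5a3e95d834"),
}


def digests(data, chunk_size=1 << 20):
    """Compute every digest named in REPORTED over `data` (bytes or a binary file object)."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    if isinstance(data, (bytes, bytearray)):
        for h in hashers.values():
            h.update(data)
    else:  # stream the file so a large sample is never read into memory at once
        while True:
            chunk = data.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(data, expected=REPORTED):
    """Algorithms whose digest differs from `expected`; an empty list means the file is the reported sample."""
    actual = digests(data)
    return sorted(name for name, value in expected.items() if actual[name] != value.lower())


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        bad = mismatches(fh)
    print("match" if not bad else "MISMATCH on " + ", ".join(bad))
    sys.exit(1 if bad else 0)
```

Run it as `python verify.py <file>`; a non-zero exit means at least one digest differs, which usually indicates a repacked or truncated copy rather than the analysed sample.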
Static task: static1

Behavioral task: behavioral1
  Sample: 4dfb6e970cba6f407f300f7aae1194748b6cf3965f589cb215a93a0158d5351f.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: 4dfb6e970cba6f407f300f7aae1194748b6cf3965f589cb215a93a0158d5351f.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets

Target: 4dfb6e970cba6f407f300f7aae1194748b6cf3965f589cb215a93a0158d5351f
Signatures:
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
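The signatures above are the sandbox's labels; what a responder needs is the event pattern behind each one so the same behaviour can be spotted in EDR or sandbox telemetry. The script below is an added example, not the sandbox's rule set: it runs simple rules over a constructed event trace and reproduces every signature name on this page. The event schema, PIDs, registry paths, the IP-lookup hostnames and the exact Winlogon values it watches (Shell, Userinit, Taskman) are assumptions chosen for illustration; the trace also assumes the SetThreadContext call is part of a WriteProcessMemory, SetThreadContext, ResumeThread chain against the spawned vbc.exe, which is the usual process-hollowing tail, while the report itself only states that the call was suspicious.

```python
"""Re-derive this report's behavioural signatures from a constructed event trace.

Added example, not the sandbox's own rule set. The event schema, PIDs,
registry paths and hostnames below are assumptions chosen to mirror the
signature names on the page.
"""
import ntpath
from collections import namedtuple

Event = namedtuple("Event", "kind pid data")  # kind: process | registry | api | network | strings

WINLOGON_KEY_SUFFIX = r"\windows nt\currentversion\winlogon"
WINLOGON_VALUES = {"shell", "userinit", "taskman"}        # values that launch code at logon
STOCK_WINLOGON_IMAGES = {"userinit.exe", "explorer.exe"}  # what those values normally hold
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}
NIRSOFT_MARKERS = {"MailPassView": "NirSoft MailPassView",
                   "WebBrowserPassView": "NirSoft WebBrowserPassView"}

SAMPLE_PID, VBC_PID = 1000, 1104  # constructed PIDs
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed trace: the sample hollows vbc.exe, and the hollowed process does the rest.
TRACE = [
    Event("process", SAMPLE_PID, {"image": r"C:\Users\Admin\Desktop\sample.exe", "parent": 900}),
    Event("registry", SAMPLE_PID, {"op": "read", "key": r"HKCU\Control Panel\International\Geo",
                                   "value": "Nation"}),
    Event("process", VBC_PID, {"image": VBC, "parent": SAMPLE_PID}),
    Event("api", SAMPLE_PID, {"name": "WriteProcessMemory", "target_pid": VBC_PID}),
    Event("api", SAMPLE_PID, {"name": "SetThreadContext", "target_pid": VBC_PID}),
    Event("api", SAMPLE_PID, {"name": "ResumeThread", "target_pid": VBC_PID}),
    Event("registry", VBC_PID, {"op": "write", "key": WINLOGON, "value": "Userinit",
                                "data": r"C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Roaming\svc.exe"}),
    Event("registry", VBC_PID, {"op": "read", "value": "",
                                "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}),
    Event("network", VBC_PID, {"proto": "http", "host": "api.ipify.org", "path": "/"}),
    Event("strings", VBC_PID, {"found": ["MailPassView", "WebBrowserPassView"]}),
]


def process_tree(trace, root_pid):
    """PIDs of root_pid and everything it (transitively) spawned, in any event order."""
    tree = {root_pid}
    while True:
        new = {ev.pid for ev in trace if ev.kind == "process" and ev.data["parent"] in tree}
        if new <= tree:
            return tree
        tree |= new


def foreign_winlogon_entries(trace):
    """Paths written into Winlogon Shell/Userinit/Taskman that are not the stock images."""
    found = []
    for ev in trace:
        d = ev.data
        if (ev.kind == "registry" and d["op"] == "write"
                and d["key"].lower().endswith(WINLOGON_KEY_SUFFIX)
                and d["value"].lower() in WINLOGON_VALUES):
            for entry in d["data"].split(","):
                entry = entry.strip()
                if entry and ntpath.basename(entry).lower() not in STOCK_WINLOGON_IMAGES:
                    found.append(entry)
    return found


def injection_sequence(trace, target_pid):
    """Cross-process API calls aimed at target_pid, in order. WriteProcessMemory ->
    SetThreadContext -> ResumeThread is the classic process-hollowing tail."""
    return [ev.data["name"] for ev in trace
            if ev.kind == "api" and ev.data["target_pid"] == target_pid and ev.pid != target_pid]


def evaluate(trace, sample_pid):
    """Signature names supported by events from the sample's process tree."""
    tree = process_tree(trace, sample_pid)
    own = [ev for ev in trace if ev.pid in tree]
    hits = set()
    if foreign_winlogon_entries(own):
        hits.add("Modifies WinLogon for persistence")
    for ev in own:
        d = ev.data
        if ev.kind == "registry" and d["op"] == "read":
            if d["key"].lower().endswith(r"\international\geo") and d["value"].lower() == "nation":
                hits.add("Checks computer location settings")
            if r"\outlook\profiles" in d["key"].lower():
                hits.add("Accesses Microsoft Outlook accounts")
        elif ev.kind == "process" and ntpath.basename(d["image"]).lower() == "vbc.exe":
            hits.add("Uses the VBS compiler for execution")
        elif ev.kind == "api" and d["name"] == "SetThreadContext" and d["target_pid"] != ev.pid:
            hits.add("Suspicious use of SetThreadContext")
        elif ev.kind == "network" and d["host"].lower() in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
        elif ev.kind == "strings":
            for marker, name in NIRSOFT_MARKERS.items():
                if marker in d["found"]:
                    hits.update({name, "Nirsoft"})
    return hits


if __name__ == "__main__":
    for name in sorted(evaluate(TRACE, SAMPLE_PID)):
        print(name)
    print("Winlogon entries:", foreign_winlogon_entries(TRACE))
    print("Injection into vbc.exe:", " -> ".join(injection_sequence(TRACE, VBC_PID)))
```

Two design points matter in practice. First, every rule is scoped to the sample's process tree, so a vbc.exe launched by Visual Studio elsewhere on the host does not fire "Uses the VBS compiler for execution"; the hollowed child inherits the verdict only because its parent is the sample. Second, the Winlogon rule does not alert on the write itself but on what was appended to Userinit or Shell beyond the stock userinit.exe/explorer.exe, which is also the value to pull during remediation.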