General
- Target: 2d3ea48fcc27e2593e625504c4a755d62b9d1dee51623b3c52846007b54cf166
- Size: 1.2MB
- Sample: 221127-txyqyafb4v
- MD5: 55a6bffc579c687d4a0b6ca8b3df32e7
- SHA1: 85e94d2ccfc7fb555ecc078436dbdfa152fdab34
- SHA256: 2d3ea48fcc27e2593e625504c4a755d62b9d1dee51623b3c52846007b54cf166
- SHA512: a393bd97d2f9183bcc5c307854dd20db8e2b3c12ee866696a31755f8ca503c664e20889c8b6a0db31f0a299cfc151a7d5afa6c6c925b641aa9be670352b8cde9
- SSDEEP: 24576:UfLlKgAD4q6aeQSG06sRfpf9Bcb2THYckvhQtC9:UfgD7F7060xfDcb2rYZZn9
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2d3ea48fcc27e2593e625504c4a755d62b9d1dee51623b3c52846007b54cf166.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: 2d3ea48fcc27e2593e625504c4a755d62b9d1dee51623b3c52846007b54cf166.exe
  - Resource: win10v2004-20220812-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext