General
-
Target
26477ec58bc6dff3db4c946ddd432be755987a06334423c97cc333c136e122f7
-
Size
1.4MB
-
Sample
221127-tz8zpabg37
-
MD5
ad479921a6eba2f3d93bc3b7208c1b88
-
SHA1
ca0600ca5b7e96f393e5e45d2df51cfaa91002aa
-
SHA256
26477ec58bc6dff3db4c946ddd432be755987a06334423c97cc333c136e122f7
-
SHA512
bcab8c603d239d97e5a9cca77c757ccdba0f4788e344219057c4dd3b0efd6c610e1f9dbc74f0548bdf242136724ccaaf2642721f6c5d5ba2bcd522c63847fd18
-
SSDEEP
24576:jGbgfRbTS9G8cvU7Q8tq7VX7qMa8yPOFjT2OSmq:jGbgfRTSs8qxB7qGMOxT2Nmq
Static task
static1
Behavioral task
behavioral1
Sample
26477ec58bc6dff3db4c946ddd432be755987a06334423c97cc333c136e122f7.exe
Resource
win7-20221111-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-