General
- Target: 68e2219d5bfb8489d428753447ce411f05f7ff19713f1deeddf4b0530992b2f7
- Size: 545KB
- Sample: 221127-v33graeg56
- MD5: ed6f57b621ab168248a42ede9a80d1ce
- SHA1: aa5c9da9d0e2a5a5a02bc86a7e0d64a7977ac54b
- SHA256: 68e2219d5bfb8489d428753447ce411f05f7ff19713f1deeddf4b0530992b2f7
- SHA512: 5d5a03fb1cb558dd9fc3d2294f6c4da7cb658de89ba5474d42c64a72bac7b3458666a2f8964892d61eb028eec7db67d2ff20d626efb11528426365cb55f813de
- SSDEEP: 12288:hx+fVaM87U2lEs+jWZdojPjn9O/FUMCyw++:m0R7UIFZdo/9aKNy
Static task: static1
Behavioral task: behavioral1
- Sample: 68e2219d5bfb8489d428753447ce411f05f7ff19713f1deeddf4b0530992b2f7.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 68e2219d5bfb8489d428753447ce411f05f7ff19713f1deeddf4b0530992b2f7.exe
- Resource: win10v2004-20221111-en
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext