General
- Target: 4d958dceb80f3dae724d3ce61a0500af0f068e359c3b8779ad2f6f51d66344dd
- Size: 609KB
- Sample: 221127-vm5beadf49
- MD5: 14725043e653ec1a38c41ca89cab5985
- SHA1: bc1e44236e576e801091b90c3f5da097df54fe84
- SHA256: 4d958dceb80f3dae724d3ce61a0500af0f068e359c3b8779ad2f6f51d66344dd
- SHA512: 2c036218f6e163a5c8cbdc86a54b546eeb80e0e0c5f03ddd99e0c0753ce23a1cf9622197788baf286ecabedc10e6decda81badc8564c847d894fdce7df8699fd
- SSDEEP: 12288:F/O6qimScqclY5BuHiQXk36gKOyl4sppbfWruHr:FW6qqcqclYbIkFdO44pbfW
Static task: static1
Behavioral task: behavioral1
- Sample: 4d958dceb80f3dae724d3ce61a0500af0f068e359c3b8779ad2f6f51d66344dd.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 4d958dceb80f3dae724d3ce61a0500af0f068e359c3b8779ad2f6f51d66344dd.exe
- Resource: win10v2004-20220901-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext