General
Target: 49e087a2ac0d209b8409c84ffeba698c0571a2e6be764bb2faf7579f6e68a055
Size: 604KB
Sample: 221128-g23jgabg98
MD5: 0659469dbde42b64e0cbc573e22f9c1b
SHA1: d35af91e76c13126c023f7a227c71a2984aa3ec5
SHA256: 49e087a2ac0d209b8409c84ffeba698c0571a2e6be764bb2faf7579f6e68a055
SHA512: 8d27a47ec6f5417a59843fce36ef67288e64838750a9a0a1cd01327fba164585b3e8df8f42103365a41d6fb7e8ec5d0e082b01ca76307be421520f38bab27f46
SSDEEP: 12288:dwU3xRSTH6Z77oj7GPkZU9MudstAl97YbKarcaRpk7:6UCHJjpC9MuC00KnJ7
Static task: static1
Behavioral task: behavioral1
Sample: 49e087a2ac0d209b8409c84ffeba698c0571a2e6be764bb2faf7579f6e68a055.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 49e087a2ac0d209b8409c84ffeba698c0571a2e6be764bb2faf7579f6e68a055
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext