General
- Target: 456ec4a0c650e291f13189cab5037c56b03d5291c936351f2f42192743d633a6
- Size: 838KB
- Sample: 221128-g3keaabh44
- MD5: 587652e8b41f7d916e726fd5d10bd957
- SHA1: 400e780afd0bd581f12d22c06bb9fd2169ed0fe5
- SHA256: 456ec4a0c650e291f13189cab5037c56b03d5291c936351f2f42192743d633a6
- SHA512: 43586b834a1e306f64c81172982a526f08af778fb6bf62246d8bc83b385c6067881adda8a362894c5175de2e7df261aded7553c9141febd87f071c45d0fbc8a7
- SSDEEP: 12288:fpdSiZWM2x/8pNZdQs7HyQ/fBSAg1OyGFhQh5BzcxI0blGanoE:fpW9x/8XQ9wBSD1O1FhABKsE
Static task: static1
Behavioral task: behavioral1
- Sample: 456ec4a0c650e291f13189cab5037c56b03d5291c936351f2f42192743d633a6.exe
- Resource: win7-20221111-en
Malware Config
Targets
- Target: 456ec4a0c650e291f13189cab5037c56b03d5291c936351f2f42192743d633a6
- Size: 838KB
- MD5: 587652e8b41f7d916e726fd5d10bd957
- SHA1: 400e780afd0bd581f12d22c06bb9fd2169ed0fe5
- SHA256: 456ec4a0c650e291f13189cab5037c56b03d5291c936351f2f42192743d633a6
- SHA512: 43586b834a1e306f64c81172982a526f08af778fb6bf62246d8bc83b385c6067881adda8a362894c5175de2e7df261aded7553c9141febd87f071c45d0fbc8a7
- SSDEEP: 12288:fpdSiZWM2x/8pNZdQs7HyQ/fBSAg1OyGFhQh5BzcxI0blGanoE:fpW9x/8XQ9wBSD1O1FhABKsE
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext