General
-
Target
58300ed487030f27d336224eab15a9d105f5ed5f7bb9fb40fe27f8c0f4c53b9f
-
Size
954KB
-
Sample
221128-gz2jdsfg8y
-
MD5
4aba18b63e0787b1df8f07d624fd85f1
-
SHA1
b7f3d2f5be26d1b6705dc49b22070bd81fe8f601
-
SHA256
58300ed487030f27d336224eab15a9d105f5ed5f7bb9fb40fe27f8c0f4c53b9f
-
SHA512
450081962c03bf08c36214f6b62d1ade04005950cab073ed41d7dfe7aa1539fa9e4e8ec2ea32c054a8518d5c3a391817047cfc85367847419d5ba5a16945d0f6
-
SSDEEP
12288:aWR/kC+1YIwHzgBcix3x5rn1GJIShUkIzsSFqI/xRWBgFm4:aWRMZYIw8BcQGJTek47//xQ
Static task
static1
Behavioral task
behavioral1
Sample
58300ed487030f27d336224eab15a9d105f5ed5f7bb9fb40fe27f8c0f4c53b9f.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
58300ed487030f27d336224eab15a9d105f5ed5f7bb9fb40fe27f8c0f4c53b9f.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
NirSoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext