General
- Target: 9981e1795691d629206437af0b64444d3a1fccf022f3d0acd2e958492bd727fa
- Size: 552KB
- Sample: 221128-k652yaca23
- MD5: 7b0911f78a270563fa7ba249430443f6
- SHA1: 3e76334600608f5fdb48111604f474e2a32775ce
- SHA256: 9981e1795691d629206437af0b64444d3a1fccf022f3d0acd2e958492bd727fa
- SHA512: d7594ce4bccb370c39d7e6f61a256f67885e7424ee7c90c73d706444e2e38e948daf1199abcebe6d1e7704ff1c08b64e1cfa42d29258367c262a5a52ff767212
- SSDEEP: 12288:OoR7Pect6+1/qgkuR8TA8E3iTEu+2fwCZDl9WGnSS6MfLY0Y30:TPectr/qgx8dEGh+MZjW7ALY0

Static task
- static1

Behavioral tasks
- behavioral1
  Sample: 9981e1795691d629206437af0b64444d3a1fccf022f3d0acd2e958492bd727fa.exe
  Resource: win7-20221111-en
- behavioral2
  Sample: 9981e1795691d629206437af0b64444d3a1fccf022f3d0acd2e958492bd727fa.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
- 9981e1795691d629206437af0b64444d3a1fccf022f3d0acd2e958492bd727fa (552KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Modifies WinLogon for persistence: writes to the Winlogon registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, normally the Shell or Userinit value) so the payload is relaunched at every logon. The report does not show which value was changed; when remediating, check both and restore the defaults (explorer.exe and C:\Windows\system32\userinit.exe, respectively).
- NirSoft MailPassView: password recovery tool for various email clients. A legitimate utility, but detected inside a dropper it serves to harvest stored mail credentials.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers; same role, for credentials saved by browsers.
- Nirsoft: family tag grouping the two tool detections above.
- Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely a geofence so the payload does not run in certain countries.
- Uses the VBS compiler for execution: launches vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework. The "VBS" in the signature name is the sandbox's label; the binary is a signed Microsoft executable that is commonly used as a host process for injected code.
- Accesses Microsoft Outlook accounts: reads Outlook account and profile data from the registry, consistent with the MailPassView component above.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The service itself is benign, so the request is an indicator only in combination with the other behaviours; alert on such lookups from unexpected processes rather than blocking the service outright.
- Suspicious use of SetThreadContext: SetThreadContext on a thread of another process is the step in process hollowing that redirects execution into the injected payload. Together with the vbc.exe launch above this is consistent with hollowing into vbc.exe, but this excerpt does not include the process tree needed to confirm it.
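The behaviours listed above are what a rule engine derives from a sandbox event trace. The following Python is an added example, not Triage's detection code and not anything from the sample: it defines a small constructed event schema and trace (process creation, API calls, registry and HTTP events using the well-known artefact paths these signatures key on, none of which this report lists concretely) and re-derives six of the signatures from it. The NirSoft detections are static string/YARA matches on the binary, so they fall outside an event-trace model and are not covered. Host names, registry paths, PIDs and the trace itself are assumptions made for the example.

```python
"""Rule-based re-derivation of the behaviours flagged in this report from a
sandbox-style event trace.  Added example: the Event schema, the artefact
paths the rules key on and the TRACE below are constructed for illustration
and are not Triage's engine or the sample's own code."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Well-known artefact locations (assumed for the example; the report itself
# does not list concrete paths or hosts).
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_VALUES = {"Shell", "Userinit"}
GEO_KEY = r"HKCU\Control Panel\International\Geo"
OUTLOOK_PROFILE_MARKER = "\\outlook\\profiles\\"
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}
VBC_IMAGE_SUFFIX = "\\vbc.exe"


@dataclass(frozen=True)
class Event:
    kind: str             # "process", "api", "regset", "regquery" or "http"
    pid: int              # process that produced the event
    data: Dict[str, str]  # kind-specific fields, see TRACE


def detect(trace: List[Event]) -> List[Tuple[str, str]]:
    """Return (signature name, detail) pairs in trace order."""
    hits: List[Tuple[str, str]] = []
    suspended: Dict[int, int] = {}          # child pid -> creating parent pid
    written: Set[Tuple[int, int]] = set()   # (writer pid, target pid) pairs
    for ev in trace:
        d = ev.data
        if ev.kind == "process":
            child = int(d["child_pid"])
            if d["image"].lower().endswith(VBC_IMAGE_SUFFIX):
                hits.append(("Uses the VBS compiler for execution", d["image"]))
            if "CREATE_SUSPENDED" in d.get("flags", ""):
                suspended[child] = ev.pid
        elif ev.kind == "api":
            target = int(d.get("target_pid", ev.pid))
            if d["name"] == "WriteProcessMemory" and target != ev.pid:
                written.add((ev.pid, target))
            # Hollowing pattern: the caller created the target suspended and
            # wrote into it before redirecting its thread.  A SetThreadContext
            # on the caller's own threads (debuggers, exception handling) or on
            # a process it did not create and write to is not flagged.
            if (d["name"] == "SetThreadContext" and target != ev.pid
                    and suspended.get(target) == ev.pid
                    and (ev.pid, target) in written):
                hits.append(("Suspicious use of SetThreadContext",
                             f"pid {ev.pid} -> suspended child pid {target}"))
        elif ev.kind == "regset":
            if (d["key"].lower() == WINLOGON_KEY.lower()
                    and d["value"] in WINLOGON_VALUES):
                hits.append(("Modifies WinLogon for persistence",
                             f'{d["value"]} = {d["data"]}'))
        elif ev.kind == "regquery":
            key = d["key"].lower()
            if key == GEO_KEY.lower() and d["value"] == "Nation":
                hits.append(("Checks computer location settings", d["key"]))
            if OUTLOOK_PROFILE_MARKER in key:
                hits.append(("Accesses Microsoft Outlook accounts", d["key"]))
        elif ev.kind == "http":
            if d["host"].lower() in IP_LOOKUP_HOSTS:
                hits.append(("Looks up external IP address via web service",
                             d["host"]))
    return hits


# Constructed trace mimicking the sequence this report's signatures describe.
TRACE = [
    Event("process", 1000, {"child_pid": "2000", "flags": "CREATE_SUSPENDED",
          "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"}),
    Event("api", 1000, {"name": "WriteProcessMemory", "target_pid": "2000"}),
    Event("api", 1000, {"name": "SetThreadContext", "target_pid": "2000"}),
    Event("api", 1000, {"name": "ResumeThread", "target_pid": "2000"}),
    Event("regquery", 2000, {"key": GEO_KEY, "value": "Nation"}),
    Event("regquery", 2000, {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook"
          r"\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002",
          "value": "Email"}),
    Event("http", 2000, {"host": "api.ipify.org", "path": "/"}),
    Event("regset", 2000, {"key": WINLOGON_KEY, "value": "Userinit",
          "data": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\svc.exe"}),
    # Benign noise the rules must ignore: a read of Userinit (not a write) and
    # a SetThreadContext on the process's own thread.
    Event("regquery", 2000, {"key": WINLOGON_KEY, "value": "Userinit"}),
    Event("api", 2000, {"name": "SetThreadContext", "target_pid": "2000"}),
]

if __name__ == "__main__":
    for name, detail in detect(TRACE):
        print(f"{name}: {detail}")
```

The SetThreadContext rule deliberately requires the caller to have created the target suspended and written into it first; a bare SetThreadContext call is too common (debuggers, exception dispatch, the process's own threads) to be a useful signal on its own, which is why the page's signature is labelled "suspicious" rather than conclusive.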