General
-
Target
f43b27c3503165788596378560be16f673c568ce8211245086acd019dab112b5
-
Size
600KB
-
Sample
221128-npaq9aeh3y
-
MD5
d3c8ebf24f7d34f3adb09ec1aab5bd42
-
SHA1
6a160ce870eeaba0f1161624607d2f2661690ea8
-
SHA256
f43b27c3503165788596378560be16f673c568ce8211245086acd019dab112b5
-
SHA512
77b7f285f655ab80e282da52c5cefd73dce1fcb8f5cbec899d89bf898aa1436945468ab43049b5074836ed74ba489981b7a365cbdd71f658785257f05290fc87
-
SSDEEP
12288:+D1wuD2M4Lh0V9UQr3d8GdAuSk7CI89tx80+11oFf2JGkGLP7q:+TDz4Lh0V9UQDmGyuSy7H911oSN
Static task
static1
Behavioral task
behavioral1
Sample
f43b27c3503165788596378560be16f673c568ce8211245086acd019dab112b5.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f43b27c3503165788596378560be16f673c568ce8211245086acd019dab112b5.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
f43b27c3503165788596378560be16f673c568ce8211245086acd019dab112b5
-
Size
600KB
-
MD5
d3c8ebf24f7d34f3adb09ec1aab5bd42
-
SHA1
6a160ce870eeaba0f1161624607d2f2661690ea8
-
SHA256
f43b27c3503165788596378560be16f673c568ce8211245086acd019dab112b5
-
SHA512
77b7f285f655ab80e282da52c5cefd73dce1fcb8f5cbec899d89bf898aa1436945468ab43049b5074836ed74ba489981b7a365cbdd71f658785257f05290fc87
-
SSDEEP
12288:+D1wuD2M4Lh0V9UQr3d8GdAuSk7CI89tx80+11oFf2JGkGLP7q:+TDz4Lh0V9UQDmGyuSy7H911oSN
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-