General
-
Target
864c60986b6f51d4dc811b9b897865705d1db27e6299fd00d5ce822b4b02d9f8
-
Size
524KB
-
Sample
221128-qdbwaaag4t
-
MD5
06cc29e1aa42737cc69ae959c8780f90
-
SHA1
5b0b8056b0b3a53ab31160131f7df0126821a4a0
-
SHA256
864c60986b6f51d4dc811b9b897865705d1db27e6299fd00d5ce822b4b02d9f8
-
SHA512
9dee67aab7c2c928cc1fe0353861d38dca1071a4163203bbea23c7e42057de768e685c05a7fd3a64a2f91c9d071c2d96713750f54c11c44b708d038da4757ae7
-
SSDEEP
12288:AMMMMMMMMMMMMMMMMMMvDMMMMMMMMMMMMMMMMMMmWyW985x6joFCI01PoE4BMGGm:AMMMMMMMMMMMMMMMMMMvDMMMMMMMMMMi
Static task
static1
Behavioral task
behavioral1
Sample
864c60986b6f51d4dc811b9b897865705d1db27e6299fd00d5ce822b4b02d9f8.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
864c60986b6f51d4dc811b9b897865705d1db27e6299fd00d5ce822b4b02d9f8.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
864c60986b6f51d4dc811b9b897865705d1db27e6299fd00d5ce822b4b02d9f8
-
Size
524KB
-
MD5
06cc29e1aa42737cc69ae959c8780f90
-
SHA1
5b0b8056b0b3a53ab31160131f7df0126821a4a0
-
SHA256
864c60986b6f51d4dc811b9b897865705d1db27e6299fd00d5ce822b4b02d9f8
-
SHA512
9dee67aab7c2c928cc1fe0353861d38dca1071a4163203bbea23c7e42057de768e685c05a7fd3a64a2f91c9d071c2d96713750f54c11c44b708d038da4757ae7
-
SSDEEP
12288:AMMMMMMMMMMMMMMMMMMvDMMMMMMMMMMMMMMMMMMmWyW985x6joFCI01PoE4BMGGm:AMMMMMMMMMMMMMMMMMMvDMMMMMMMMMMi
-
Modifies WinLogon for persistence
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-