General
- Target: d065cbedb74b7ceb1b9b81fcaacd939cc5ede22951b6ab423b80a8aee2fe7b67
- Size: 623KB
- Sample: 221128-tn54naga23
- MD5: 94ac1eaa163a4eaa7f3c2af1a6492576
- SHA1: d02541e530c70d17e7eef45db7721276b37d9115
- SHA256: d065cbedb74b7ceb1b9b81fcaacd939cc5ede22951b6ab423b80a8aee2fe7b67
- SHA512: ee461a658d82349d89732e6782d5606b591d6368ddba56971a2a1863f02886618635fbcd516ae3945176614c893a7257b57950a84cd7d060224d154411940b1b
- SSDEEP: 12288:nOzdPODoltF8z7gk8+szS510FdxCiyiKVEQhbtqnPIRI9UzBzfpZseXaKeCTOYZ8:nOzdztyz715EvTCiy2sbtCGhxZXXXdCf
Static task
- static1
Behavioral task
- behavioral1 (Sample: d065cbedb74b7ceb1b9b81fcaacd939cc5ede22951b6ab423b80a8aee2fe7b67.exe; Resource: win7-20220812-en)
Behavioral task
- behavioral2 (Sample: d065cbedb74b7ceb1b9b81fcaacd939cc5ede22951b6ab423b80a8aee2fe7b67.exe; Resource: win10v2004-20221111-en)
Malware Config
Targets
- Target: d065cbedb74b7ceb1b9b81fcaacd939cc5ede22951b6ab423b80a8aee2fe7b67
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext