General
Target: dc130041510d3f3e2c13507ea57d0487cc97f8733345cc3e88a61b5553601af1
Size: 623KB
Sample: 221128-tn5g5abg3w
MD5: 8d9b9cb02cfc9a13945296d211a68ef9
SHA1: 4bf88e960742134ee210c160d65f1ea0474e2f26
SHA256: dc130041510d3f3e2c13507ea57d0487cc97f8733345cc3e88a61b5553601af1
SHA512: b610bea41102ce53a4f3e80bba83e49e16dbb3b814bf2416c454203e8aca4b5a6c3764669d1d49ab1942166c49886ae0328a9d85d54788f49cf8392b2ee0b3f7
SSDEEP: 12288:Ck16dkTn0NyiD60EGrxJ+jXeWg7Iej8rWGq+Bbj6EfoqzfpZseXaKeCTOYZ8:CkcE4yshrxVWPej8rJZ/xZXXXdCf
Static task: static1
Behavioral task: behavioral1 (Sample: dc130041510d3f3e2c13507ea57d0487cc97f8733345cc3e88a61b5553601af1.exe; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: dc130041510d3f3e2c13507ea57d0487cc97f8733345cc3e88a61b5553601af1.exe; Resource: win10v2004-20220812-en)
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext