General
-
Target
9673fc7fd166aca93663593f207865de732499f0ce9385e9eefe7a9750bb7d9b
-
Size
1.0MB
-
Sample
221128-tnypksbg2x
-
MD5
a40f8340d24e3351f30929d53fb46ad8
-
SHA1
343f92c707dfd750514e1912b289aba32f0506a3
-
SHA256
9673fc7fd166aca93663593f207865de732499f0ce9385e9eefe7a9750bb7d9b
-
SHA512
07f6b351eead4bba65a12ee9f54b18177364aba8ec0c9c1fac9ab83e457cb6cd079749fc569ccc8cf5fa9b3495a21613648135b5d2e8f7367c34a0eada64fc28
-
SSDEEP
24576:bVgvqhqV6jupRNn+3DQvWllm/AZ02jsHkOikP:Gb66pRNn+cvWlTvsQk
Static task
static1
Behavioral task
behavioral1
Sample
9673fc7fd166aca93663593f207865de732499f0ce9385e9eefe7a9750bb7d9b.exe
Resource
win7-20220812-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-