General
-
Target
c14608ff1f941233ce40b6315883c297c40301643ccef1b36ee25cf1d27438b0
-
Size
732KB
-
Sample
221128-w2ejzabd5w
-
MD5
afa375e9ac70825064232b450f7842fb
-
SHA1
39da0f8088e1dc0f182af9acc11b1a208923f0b7
-
SHA256
c14608ff1f941233ce40b6315883c297c40301643ccef1b36ee25cf1d27438b0
-
SHA512
4fc96765ac09838703f50462cc22d8990ab38af336d636d7ba541244bf28ca443bf004ea8727fa08a6b0dfcddae0dffeb8f730a6fa7cc277ccb143a3cf241586
-
SSDEEP
12288:DAabfioeBJ3bChfWLMpiwcQmUMv/SajBCJNwcCq/mvB8pdm+DFETxP9:11y3uhf1m3nNjBkwcCq/hdD8P9
Static task
static1
Behavioral task
behavioral1
Sample
c14608ff1f941233ce40b6315883c297c40301643ccef1b36ee25cf1d27438b0.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
c14608ff1f941233ce40b6315883c297c40301643ccef1b36ee25cf1d27438b0
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-