General
-
Target
60abc37cfc4bfc4ddd45356493f78ffd441d9fc133eee7b954d6d0350ffcabb2
-
Size
1.0MB
-
Sample
221128-wdp1sshd2y
-
MD5
dc03fdb0261a5e747cd3a83153be2df6
-
SHA1
d27ce5f7f2947e7f914153d572025c6ab75792f3
-
SHA256
60abc37cfc4bfc4ddd45356493f78ffd441d9fc133eee7b954d6d0350ffcabb2
-
SHA512
83219bd8fade6479500a30fc0a249d188d569dd9cd802b7c508690b5540dd2e0c0e5f0f4cea1ed5756f2833e7f40adb19a2ce2d0fa2faf5431835faddcc85af1
-
SSDEEP
24576:ySkWMx78Vs5UisGWbNNu6HyVm5L5vCa3cgCObJjRMH:ySix78Vs+fvNJyyqa
Static task
static1
Behavioral task
behavioral1
Sample
60abc37cfc4bfc4ddd45356493f78ffd441d9fc133eee7b954d6d0350ffcabb2.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
60abc37cfc4bfc4ddd45356493f78ffd441d9fc133eee7b954d6d0350ffcabb2
-
Size
1.0MB
-
MD5
dc03fdb0261a5e747cd3a83153be2df6
-
SHA1
d27ce5f7f2947e7f914153d572025c6ab75792f3
-
SHA256
60abc37cfc4bfc4ddd45356493f78ffd441d9fc133eee7b954d6d0350ffcabb2
-
SHA512
83219bd8fade6479500a30fc0a249d188d569dd9cd802b7c508690b5540dd2e0c0e5f0f4cea1ed5756f2833e7f40adb19a2ce2d0fa2faf5431835faddcc85af1
-
SSDEEP
24576:ySkWMx78Vs5UisGWbNNu6HyVm5L5vCa3cgCObJjRMH:ySix78Vs+fvNJyyqa
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-