General
- Target: 8245f69f7c8a141f49a600d2e9fc6b106d44057279a1695f817d3fd51eccd17c
- Size: 1.6MB
- Sample: 221128-wxcvksba2w
- MD5: 0f1324a444ff146cc0f30287fc9e23ab
- SHA1: 76717c29d5f3eb293109e0a308f78f2c9703e96c
- SHA256: 8245f69f7c8a141f49a600d2e9fc6b106d44057279a1695f817d3fd51eccd17c
- SHA512: 3526e2a12685a2a8c7cca3c0bea8f13b28268ad953cb0c02be8aaa270d7980db6fb5c6bc054496f52e78cb3184904e88ad5ea07172937af7e138d2bec0fc0a4e
- SSDEEP: 49152:QBoyP2xcL4jJEtOiKjyUkUA5kFm53Sypn:OoyP2xcUWtcjtkx5kFm5dn
Static task: static1
Behavioral task: behavioral1
- Sample: 8245f69f7c8a141f49a600d2e9fc6b106d44057279a1695f817d3fd51eccd17c.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 8245f69f7c8a141f49a600d2e9fc6b106d44057279a1695f817d3fd51eccd17c.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: 8245f69f7c8a141f49a600d2e9fc6b106d44057279a1695f817d3fd51eccd17c
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext