General
Target: 834cb94448e55a4707a71c78ae0ce5f44a0aeeb98823ccf7e0a7d5114943df6a
Size: 1023KB
Sample: 221128-xdz2facd5w
MD5: 48a7ffc306eb2df89fa8d5e76bb9f84a
SHA1: b35ac93dc1c8960b5535f3ea9115ce462563df95
SHA256: 834cb94448e55a4707a71c78ae0ce5f44a0aeeb98823ccf7e0a7d5114943df6a
SHA512: d39728d7044bded26c539ae80f64db38ee97495b657f3c7dc534575ef25537ab35319c10115e082ceaeecaa9d771ac6856c590287fcac9e56fca22e9e14964b6
SSDEEP: 24576:JlvEhuUvl2xtTaZL3LMNy32TkC4N8tHZkI0hVGSb4Glxrzd3Qcj:vvEPYxsr32TJ4UHZkLVj4Y9d3Qcj
Static task: static1
Behavioral task: behavioral1
Sample: 834cb94448e55a4707a71c78ae0ce5f44a0aeeb98823ccf7e0a7d5114943df6a.exe
Resource: win7-20221111-en
Malware Config
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext