General

Target: 8b99d632f384bc365e1b478dde82e030a5dc3eb51b9f58767bd4012a50d83f8f
Size: 814KB
Sample: 221130-vzgqwaaf59
MD5: 401072f6b087f742d80cb9b6f4394141
SHA1: 58024ebb3fd04470984581b4cdafd732748774e1
SHA256: 8b99d632f384bc365e1b478dde82e030a5dc3eb51b9f58767bd4012a50d83f8f
SHA512: 422bfc1ea8e0ef7fb7f04325ef619ec7f6c8e865a20d62a7e30e9647186e9d6421f410228ebfc70611413bde8d7ca112536ed42e2e8cd3faec79ac2b2e184375
SSDEEP: 12288:LmQZ4NUMNEUHLsrUYVcYkzot2bdOHOJWZDFonFucyJoES+AXV:ZZ4CreJYVcYYoD2OAXV

Static task: static1

Behavioral task: behavioral1
Sample: 8b99d632f384bc365e1b478dde82e030a5dc3eb51b9f58767bd4012a50d83f8f.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 8b99d632f384bc365e1b478dde82e030a5dc3eb51b9f58767bd4012a50d83f8f.exe
Resource: win10v2004-20221111-en

Malware Config
Targets

NirSoft MailPassView
Password recovery tool for various email clients

NirSoft WebBrowserPassView
Password recovery tool for various web browsers

Nirsoft

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext