General
-
Target
f6844965f4e0ef7f2ef87a8ad82fd8472aca0518a6377dd15b823dd0d23b7cd2
-
Size
1.4MB
-
Sample
221203-m7j7zahd2z
-
MD5
82fbd809b2a835855471245d1cd914ac
-
SHA1
cf7b6e665bae3a6fb3a2e5885ef4a5d546e2cf1d
-
SHA256
f6844965f4e0ef7f2ef87a8ad82fd8472aca0518a6377dd15b823dd0d23b7cd2
-
SHA512
a1d1291b605eaf81febc725ac13fc1f607f5660d852240d398d32bc4b1b4c726722f94f2848efccefcc0bea3f7d16507a26cf128fe2f4aadcb061a717cbefdd0
-
SSDEEP
12288:X6PH2EQKLWiaYnZMWPnH8Q7ADt6k2M6OJcydD1A5HQob1fj+ska:X4HHLLJnHh7i6j2c6mRfH1
Static task
static1
Behavioral task
behavioral1
Sample
f6844965f4e0ef7f2ef87a8ad82fd8472aca0518a6377dd15b823dd0d23b7cd2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f6844965f4e0ef7f2ef87a8ad82fd8472aca0518a6377dd15b823dd0d23b7cd2.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-