General
-
Target
microsoft10converters.exe
-
Size
658KB
-
Sample
230507-k4w19afb5v
-
MD5
5e9a63f5b3d8f53478a2889c0eefd510
-
SHA1
d6d545146b969ac2ea389a1f11ffcda377549da2
-
SHA256
4c312e3cce557ee17db0299bcc112699e616fb162afdadf12a41815a4a314b5c
-
SHA512
2ee785eafa4ff4e738f13c26659b479ef84d52977e0c6d054c4b38f228959a0909b8652923b821d557bef7ae3e5f129e6b2c5039b83bb1a71ef464d6e5ef5e87
-
SSDEEP
12288:gXQnnE6+s3WsZ/lkwR939lgKFWRg1xY0VcRuaHuatAUz3huJ7XrjaJ+:gXQnnYsNHXR9NlgobVcUK7UXrj++
Static task
static1
Behavioral task
behavioral1
Sample
microsoft10converters.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
microsoft10converters.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
microsoft10converters.exe
-
Size
658KB
-
MD5
5e9a63f5b3d8f53478a2889c0eefd510
-
SHA1
d6d545146b969ac2ea389a1f11ffcda377549da2
-
SHA256
4c312e3cce557ee17db0299bcc112699e616fb162afdadf12a41815a4a314b5c
-
SHA512
2ee785eafa4ff4e738f13c26659b479ef84d52977e0c6d054c4b38f228959a0909b8652923b821d557bef7ae3e5f129e6b2c5039b83bb1a71ef464d6e5ef5e87
-
SSDEEP
12288:gXQnnE6+s3WsZ/lkwR939lgKFWRg1xY0VcRuaHuatAUz3huJ7XrjaJ+:gXQnnYsNHXR9NlgobVcUK7UXrj++
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-