General
-
Target
47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47
-
Size
421KB
-
Sample
230609-3dwa5see2t
-
MD5
d7785eb032bdc8df551ceda9933688d0
-
SHA1
5e454bd1f8097155f40bec0d64c60f4aae1c988c
-
SHA256
47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47
-
SHA512
f71fcaee801179df15c505a77da079aebe45d80c325bc7f60d4afdd2ed25e1589fa6d20ba6414f2adee05c49add6e337dcf29c0ff3cf6b44c531b8e6d4308c16
-
SSDEEP
6144:wZuuObR8sVImcyYJnuptejV0rXkSfvyXwXtYV/wADJ2oC9IAyBDxnlYAVjk10k9j:nV+mzLgkvywC2ok9OpC0k9a3hAeXAZ
Static task
static1
Behavioral task
behavioral1
Sample
47596c6f36932852cd7b8127269779861ecbbc32eb994a11b279b0c5da4c2e47.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-