10752297395[.]zip

Resubmissions

12-06-2023 20:39

230612-zfdbkadg48 10

12-06-2023 20:22

230612-y5s8msdf86 10

Sharing

Copy URL

Twitter E-mail

General

Target

10752297395.zip
Size

300KB
MD5

cc8ae23ec9c4ef24b93c644ab0d5d85e
SHA1

5a0346d9e3bfbec9625afcabfdec893516fb8f1d
SHA256

772930c5c47fe742b60b441f8150edaa558ba9bbf13fb0f751b7d9dbdd828f21
SHA512

bce7d180a6896888c0e4391a12a8743f8253a5f1d6917deaee90c39eaa1f1abc57fa81bda31c7353b352e3c3468a2763ff39780ee59a1d0562da630ce8ac0956
SSDEEP

6144:waJzmulUNpdMjFrk+iGAmc0xHknHqVSpHfz8IqtDvVg:fJHlUNp6lk+6qFknKUp/z8IqtS

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

Processes:

resource	yara_rule
static1/unpack001/d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

Processes:

resource	yara_rule
static1/unpack001/d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d

Files

10752297395.zip
.zip

Password: infected
d98055b5dedd4f2cf8f5e018af92c2d8230e520bb32fe5119789c1a9db6a4f0d
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 500KB - Virtual size: 499KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 500KB - Virtual size: 499KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B