General
Target: 10743387837.zip
Size: 596KB
Sample: 230613-xbr8taad92
MD5: 4ad0377c1a5ba6880fe1fcea7c35e1f9
SHA1: 0a7ec3e591a4a2d38465ebe2fcc627b7e647364c
SHA256: 0a213049df4abf319dbb1c1bd1b5114ffa01bca076e2880dd25e5a8567561f95
SHA512: acda92b6563f61f5a2efa754908e10acf9c43306f4990181992561cda7908a9c2799e6946dc50b47813745d38b481da6c70215a929fc16c35b86f18d8ae60d1b
SSDEEP: 12288:c+MRCIGcqPoBlfNg/gdTWvl4qRVSMekFM/s0RjtVNJAZD4NC:clR6DWli/gdYlvzSMx+k0RjjAn

Static task
static1

Behavioral task
behavioral1
Sample: c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12.doc
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12.doc
Resource: win10v2004-20230220-en

Malware Config

Targets

Target: c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12
Size: 679KB
MD5: 7f075616272cca52e731c11080d0f3ef
SHA1: b5142fe556fc114eb221c4b14ad9d19c9e83fe83
SHA256: c2d55f54c26d6f73908c7138e999fadcb9a8617fea8f56cee943f93956adfa12
SHA512: f9fe3bb4f04138c8c924a74f35c293cbe3e777a6f2993c0352e4de9f6677807fcb982190d2a070925ee7a6810a136f2f7c1358babe5e8087736513f6b77982a7
SSDEEP: 12288:WXQnnE6+s3WsZ/lkwR939lgKFWRg1xY0VcRuaHuatAUz3huJ7XrjaJ+:WXQnnYsNHXR9NlgobVcUK7UXrj++

- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext