General
- Target: 11674566496.zip
- Size: 569KB
- Sample: 230830-hxxcbsad29
- MD5: 783cae686cadb206eb0d2f56b21cda33
- SHA1: 20066ba2cd836f20368844f5aec923ab4dcf2534
- SHA256: 26bad25289defb0340ab061b79a2bb9130ef3cdf7630c670e9b5eb75165651b1
- SHA512: 11a12b8b57741a763bd5f52aa7e25392e1aeb00c2b7e2760db18cc20d549d47ded55b30a992c882ba1215a4f3313ab674ce82171d8e46e9b5068b54a0eb0475d
- SSDEEP: 12288:IWEJWgvpn6ZZxeZFXalFIzropW3P/xaJM2Fn/I/HigF:hGILxeZFXal0WWwMqnACY
Static task: static1
Behavioral task: behavioral1
- Sample: e63b24adf9119f7d500167a62d62d3b8a35f4694f8488fc764523fd322fb2dce.exe
- Resource: win7-20230712-en
Malware Config
Targets
- Target: e63b24adf9119f7d500167a62d62d3b8a35f4694f8488fc764523fd322fb2dce
- Size: 612KB
- MD5: 8ce71e40eda2d9304c1e127c60500e0c
- SHA1: 93ef97529dcaa047d023456103827b6f97345caf
- SHA256: e63b24adf9119f7d500167a62d62d3b8a35f4694f8488fc764523fd322fb2dce
- SHA512: 12c8386596d215cf56e6e14db5e14cce8b65a90c028f75abcce5169c0830f505bb82473232e58b1cf53b17375cc4f1c0054702ed7920033658f3fe327cb1a8e8
- SSDEEP: 12288:2C9nooXEOly/1vzgvTYKCT0T9Cg4bRWCc9OY9uF/:2Caf1790T90ICc9fw
- Modifies WinLogon for persistence
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext