General
- Target: 11998669374.zip
- Size: 300KB
- Sample: 230927-jxqefsad59
- MD5: 29f487e3f734190c8672209bcf997e29
- SHA1: 3c215e27531308edd9c02ab4d8315ee2e45a770f
- SHA256: 9b1db1e91a89dbca9fd67f2796c1fd46111381a98c661382a25186d0c870bfde
- SHA512: 63b715c6d3acc2f794aa729c8de2a52d7aea38a5f793fc944528795d25442d95834397748b4091a872a61f71138352a536d2668d7631852c6f5314ca34e1cc84
- SSDEEP: 6144:ZX31Uo70eSC2C5tD/IO4nGex3HnA4UmxmVQs3TqSbggcwy0tPtzvyoa:Z31SqxXD/CnPNHzHxmz32puy0tFzvla
Static task: static1
Behavioral task: behavioral1
- Sample: 6e4fa5f776b899d3d3d0cc1da69ff6165aefafd46f70ddb55399c73ba6f965cd.exe
- Resource: win7-20230831-en
Malware Config
Targets
- Target: 6e4fa5f776b899d3d3d0cc1da69ff6165aefafd46f70ddb55399c73ba6f965cd
- Size: 505KB
- MD5: c3564cf4b0455ffab930884b3e81626b
- SHA1: ebfdbbc304368f44aed3ab69d609f7965fdf4021
- SHA256: 6e4fa5f776b899d3d3d0cc1da69ff6165aefafd46f70ddb55399c73ba6f965cd
- SHA512: 3f69ab1622b9a558e3f37fc677d21223dee21e3f8f5af16367b437d73219eb51328d18cd9b1eca2437aa12da37ddf45d3e46544b0e500010a9389b4d797a9bfb
- SSDEEP: 6144:IR3bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9SRI:K3QtqB5urTIoYWBQk1E+VF9mOx9Z
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext