General
-
Target
f626d873512895ed8be4ead8d18d4db04bdb19a74a83d44759a45257582a75cd.exe
-
Size
400KB
-
Sample
240710-xtsmasxdrc
-
MD5
9428d54a4aa6eb66abdca820a8f47d12
-
SHA1
abd2a8b44ee4d5fd4cdb947600f340864dcf254f
-
SHA256
f626d873512895ed8be4ead8d18d4db04bdb19a74a83d44759a45257582a75cd
-
SHA512
14024233434003249a918871e81f10048f13fa2079ce5c0bb78893bfef6621d8daa64031539b2a6b4627019935ea43a8f3de9e56937b5ec8a50af08258653c80
-
SSDEEP
12288:OGnKCJuXGUHTmuGwZyYMggzHm64P5WylOHVqZ:OGjutj/mFZylO1qZ
Static task
static1
Behavioral task
behavioral1
Sample
f626d873512895ed8be4ead8d18d4db04bdb19a74a83d44759a45257582a75cd.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
f626d873512895ed8be4ead8d18d4db04bdb19a74a83d44759a45257582a75cd.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
f626d873512895ed8be4ead8d18d4db04bdb19a74a83d44759a45257582a75cd.exe
-
Size
400KB
-
MD5
9428d54a4aa6eb66abdca820a8f47d12
-
SHA1
abd2a8b44ee4d5fd4cdb947600f340864dcf254f
-
SHA256
f626d873512895ed8be4ead8d18d4db04bdb19a74a83d44759a45257582a75cd
-
SHA512
14024233434003249a918871e81f10048f13fa2079ce5c0bb78893bfef6621d8daa64031539b2a6b4627019935ea43a8f3de9e56937b5ec8a50af08258653c80
-
SSDEEP
12288:OGnKCJuXGUHTmuGwZyYMggzHm64P5WylOHVqZ:OGjutj/mFZylO1qZ
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1