General
- Target: fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87N.exe
- Size: 778KB
- Sample: 241216-wz42vaxkg1
- MD5: 42091ab1b8cbca4e170ed8806cb67ab0
- SHA1: 3d9389b8eed46f39a3bbc975ad05f31e7a0c7d84
- SHA256: fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87
- SHA512: 8c8cd397ac77ce6407037c749ce8b051bb1cbe22a78657463c12d3e8fea235fb2bbeee470ba35fa6c09296f28cc57b2ef8ec394319c1b4278efb89338c417e46
- SSDEEP: 12288:i2fgeSMXkVxNnFKZCQTUvBmqTmR6tpOudwzvmzc/J97OTv7w4m22Ry:hgexKx1Fco5La07wzvKcfOTTwh2r
Static task
- static1

Behavioral task
- behavioral1
- Sample: fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87N.exe
- Resource: win7-20241023-en
Malware Config

Targets
- Target: fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87N.exe
- Size: 778KB
- MD5: 42091ab1b8cbca4e170ed8806cb67ab0
- SHA1: 3d9389b8eed46f39a3bbc975ad05f31e7a0c7d84
- SHA256: fa24bccb7b1ac04b82970ea94b8df033e80c57931db0ba5c96ff0506bbca2b87
- SHA512: 8c8cd397ac77ce6407037c749ce8b051bb1cbe22a78657463c12d3e8fea235fb2bbeee470ba35fa6c09296f28cc57b2ef8ec394319c1b4278efb89338c417e46
- SSDEEP: 12288:i2fgeSMXkVxNnFKZCQTUvBmqTmR6tpOudwzvmzc/J97OTv7w4m22Ry:hgexKx1Fco5La07wzvKcfOTTwh2r
- Hawkeye family
- Detected Nirsoft tools: Free utilities often used by attackers which can steal passwords, product keys, etc.
  - NirSoft MailPassView: Password recovery tool for various email clients
  - NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext