General
Target: 9EF95F67107626667DC3504CCF838337661E3893BDD4831C0B2362330FB2CFDC
Size: 1.9MB
Sample: 250103-jn7blsxpdk
MD5: a5cd201f356bc422320c0a5c8a13bb34
SHA1: 193be6d58ea14f6f490be0def19c294d92fd3326
SHA256: 9ef95f67107626667dc3504ccf838337661e3893bdd4831c0b2362330fb2cfdc
SHA512: 4f266f83957aeeb66a2cfcd15094efc7de93978af27feeed44f19296d4743b07176f230e565f9b90530778d434f6ac33766972ab36c0963a04aae3d0782af2ee
SSDEEP: 49152:PPVt/LZeJbInQRasEVV3JpYXTIEIgkjx:nTYbInQir3JpYXUt/1
Static task: static1
Behavioral task: behavioral1
  Sample: 9EF95F67107626667DC3504CCF838337661E3893BDD4831C0B2362330FB2CFDC.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 9EF95F67107626667DC3504CCF838337661E3893BDD4831C0B2362330FB2CFDC.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 9EF95F67107626667DC3504CCF838337661E3893BDD4831C0B2362330FB2CFDC
- Hawkeye family
- Detected Nirsoft tools: Free utilities often used by attackers which can steal passwords, product keys, etc.
  - NirSoft MailPassView: Password recovery tool for various email clients
  - NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext