General
-
Target
Twist Spoofer V.2.rar
-
Size
5.0MB
-
Sample
250109-vez2qaxkck
-
MD5
247fae93cf5dab2ca6c98e23851ec9e0
-
SHA1
f0c9981de3f80b29773871e3027378418cbfa772
-
SHA256
2bdd3f2687c741914ef795ea2d996fa7df6507fd612adff54f49b39b343b952e
-
SHA512
29bbb670a36be11b2fabf1fd9f1cc97084e659ab1eb9bf33f2c770295b8501663c82693f02191579ff095da7c4b34b9279426a970e6aeb5fbce1e06e17e4d01c
-
SSDEEP
98304:5ie4zzlge+Pms3RImAnvu+hOEj8VLlAukT+3uEnSP0TeSNHcw:5ulT+PjI9vJhOw8H1nS6evw
Behavioral task
behavioral1
Sample
Twist Spoofer V.2.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
Twist Spoofer V.2.exe
-
Size
2.9MB
-
MD5
f2bb0da0031d7369c104437e43db4f5d
-
SHA1
a531734ed49630ebe404ebc4dad180b86e2e9642
-
SHA256
86c60180c1e05a877a7b5e4b4ad5a8627e5a5373874d2ce53f5e55c72b24651f
-
SHA512
a0eef9ddb72e96f27c489fd2c942d4a31876f468683d10e729aa625cf077dad23515ab43ed1c0679ccd82762879a5bad6c2d4de5bfb2a9a645949fecb1b75d27
-
SSDEEP
49152:bsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:dqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1