General
Target: SCAN00381638.GZ
Size: 418KB
Sample: 240624-qrdl2axhkm
MD5: ef59cfbaf560b953c612d8b61b22c815
SHA1: 579dda9b129465b65ca629b7af56be2b7990e4f7
SHA256: e4eae60e94508ef4d6d731be014afe6dd143b5b683e4cd9459d84db208249648
SHA512: ce411d12c13ec0b663fe74dd8d9920a267b3ddc05003af1474e9bdd965a8753bef80df59eb98b378e5a637ccbbac63b6bb26c6d16ad80cc65345e1840aeead51
SSDEEP: 12288:+Air7L7jf9eIYWBOGgijWDocOCId74s8H:O7Re0BOviCDotCId7x8H
Static task: static1
Behavioral task: behavioral1
  Sample: SCAN00381638.vbe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SCAN00381638.vbe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: SCAN00381638.vbe
Size: 646KB
MD5: 877d62bb0a3ca04372a89f1fd63aa517
SHA1: abb9619743f94df8ee35bcb29e08a33f49acc91a
SHA256: 411d7a0d9d268daa710bbd8af48825e3227be7ed743c50c68afc05b71a940e83
SHA512: 072e1b5ebf6aa76ee374d94b5d9f066c3f2c922808a646768234bf8cae9c62b55a82fa4e18ab860f7ffb5b31a625619991feaa3a82bc8fc7a3712b38cbbcf7ae
SSDEEP: 12288:NuXAeUMRwhbVmNmN7wNL4NBN3rNrx9V0NnNcN/v3gRN6fyNMNIN3NLojSAfp+J1/:T4Rwhb79SyV7R1AIJTaud62Q
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext