order30JUN2020.exe

General
Target order30JUN2020.exe
Filesize 917KB
Completed 30-06-2020 13:05
Score 10/10
MD5 4bc018a505cbe56b05f093a268cf5614
SHA1 02ee790415992ecc24a38057f8007be2738492b8
SHA256 536aabc78e3dd5a4577cdbacacb57fb38984e125393c4f3e6d11ae40e5a1bbf7

Malware Config

Extracted

Protocol smtp
Host smtp.yandex.com
Port 587
Username gruppen1@yandex.com
Password tools12345
Signatures

    Downloads
    • C:\Users\Admin\AppData\Local\Temp\SysInfo.txt

    • C:\Users\Admin\AppData\Local\Temp\holderwb.txt

    • C:\Users\Admin\AppData\Roaming\Windows Update.exe

    • \Users\Admin\AppData\Roaming\Windows Update.exe
