General

Target: NDt93WWQwd089H7.exe
Size: 1.3MB
Sample: 210112-5tg1ss9t32
MD5: 0f330f518f4f71f0735cce4eaf1612d7
SHA1: f34909417588543112974ebbc0fa8236a8a604c1
SHA256: 702554b4a0770d70bd5972318d2294ef2b26001595b574d122264b8c1793457c
SHA512: ee5ec83814a64c56bdfdaec885396c86364ccf5bd7eaa25b3bdd2c43c6a8c7427bdf2a7514a7c0043294cdf7c9b89699a818ca65d5e4ef6f5d04c0de94597db3
Static task: static1
Behavioral task: behavioral1
  Sample: NDt93WWQwd089H7.exe
  Resource: win7v20201028
Malware Config

Extracted
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: sales01@seedwellresources.xyz
Password: MARYolanmauluogwo@ever
Targets

Target: NDt93WWQwd089H7.exe
Size: 1.3MB
MD5: 0f330f518f4f71f0735cce4eaf1612d7
SHA1: f34909417588543112974ebbc0fa8236a8a604c1
SHA256: 702554b4a0770d70bd5972318d2294ef2b26001595b574d122264b8c1793457c
SHA512: ee5ec83814a64c56bdfdaec885396c86364ccf5bd7eaa25b3bdd2c43c6a8c7427bdf2a7514a7c0043294cdf7c9b89699a818ca65d5e4ef6f5d04c0de94597db3
Signatures

- Uses the VBS compiler for execution
  The sample launches the Visual Basic .NET compiler (vbc.exe, shipped with the .NET Framework), a signed Microsoft binary that loaders commonly use as a host process for injected code.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  A cross-process SetThreadContext call is the usual final step of process hollowing: the loader creates a suspended child, overwrites its memory, points the primary thread's instruction pointer at the injected payload and resumes it. Taken together with the vbc.exe launch and the extracted SMTP credentials, this is consistent with an infostealer that hollows vbc.exe and exfiltrates over SMTP, though the report's signatures are behavioural heuristics and do not name a family.
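The three behavioural signatures above and the extracted SMTP configuration can be turned into hunting logic over sandbox or EDR telemetry. The following is an added example, not code from the original report or from the sandbox vendor: it defines a minimal API-trace event schema, a constructed trace in which a loader hollows vbc.exe and the hollowed child performs an IP lookup and connects to the configured SMTP server, and detectors for each indicator. The event schema, the sample trace, the list of parents that legitimately launch vbc.exe and the list of IP-echo hosts are assumptions made for illustration; the SMTP host, port and username come from the report, and the password is deliberately left out.

```python
"""Behavioural triage checks over a constructed API trace (added example).

Not code from the original report or from the sandbox vendor. The event
schema, SAMPLE_TRACE, BUILD_TOOL_PARENTS and IP_LOOKUP_HOSTS are assumptions
made for illustration; EXTRACTED_CONFIG repeats the report's SMTP settings.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit used by hollowing loaders

# From the report's "Malware Config" section (password omitted on purpose).
EXTRACTED_CONFIG = {"protocol": "smtp", "host": "smtp.privateemail.com",
                    "port": 587, "username": "sales01@seedwellresources.xyz"}

# Assumed allow-list of parents that legitimately spawn vbc.exe.
BUILD_TOOL_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe", "vbc.exe"}
# Assumed list of public IP-echo services used by malware to learn the victim's address.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io",
                   "icanhazip.com", "ip-api.com", "checkip.amazonaws.com"}


@dataclass
class ApiEvent:
    seq: int                              # order within the trace
    pid: int                              # calling process
    image: str                            # calling process image path
    api: str                              # API name as a sandbox hook would log it
    target_pid: Optional[int] = None      # other process touched, if any
    target_image: Optional[str] = None    # image of a newly created process
    flags: int = 0                        # creation flags for CreateProcess*
    host: Optional[str] = None            # remote host for network calls
    port: Optional[int] = None


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_process_hollowing(events: List[ApiEvent]) -> List[Dict]:
    """One finding per (injector, victim) pair with a cross-process SetThreadContext.
    `complete` is True only when the classic chain was seen in order:
    CreateProcess(CREATE_SUSPENDED) -> write into victim -> SetThreadContext -> ResumeThread."""
    stages: Dict[tuple, List[str]] = {}
    victim_image: Dict[tuple, str] = {}
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.target_pid is None or ev.target_pid == ev.pid:
            continue                      # self-targeted calls are not injection
        key = (ev.pid, ev.target_pid)
        seen = stages.setdefault(key, [])
        if ev.api in ("CreateProcessW", "CreateProcessA", "CreateProcessInternalW"):
            if ev.flags & CREATE_SUSPENDED:
                seen.append("suspended_create")
                victim_image[key] = ev.target_image or ""
        elif ev.api in ("WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"):
            if "suspended_create" in seen:
                seen.append("write")
        elif ev.api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"):
            seen.append("set_context")
        elif ev.api in ("ResumeThread", "NtResumeThread"):
            if "set_context" in seen:
                seen.append("resume")
    chain = ["suspended_create", "write", "set_context", "resume"]
    findings = []
    for (injector, victim), seen in stages.items():
        if "set_context" not in seen:
            continue
        complete = all(s in seen for s in chain)
        if complete:
            idx = [seen.index(s) for s in chain]
            complete = idx == sorted(idx)
        findings.append({"injector_pid": injector, "victim_pid": victim,
                         "victim_image": victim_image.get((injector, victim), ""),
                         "complete": complete})
    return findings


def detect_vbc_execution(events: List[ApiEvent]) -> List[Dict]:
    """Flag vbc.exe launched by anything other than a known build tool."""
    return [{"parent_pid": ev.pid, "parent_image": ev.image, "child_pid": ev.target_pid}
            for ev in events
            if ev.api.startswith("CreateProcess") and ev.target_image
            and _basename(ev.target_image) == "vbc.exe"
            and _basename(ev.image) not in BUILD_TOOL_PARENTS]


def detect_ip_lookup(events: List[ApiEvent]) -> List[Dict]:
    """Flag outbound requests to public IP-echo services."""
    return [{"pid": ev.pid, "host": ev.host} for ev in events
            if ev.host and ev.host.lower() in IP_LOOKUP_HOSTS]


def detect_exfil_channel(events: List[ApiEvent], config: Dict = EXTRACTED_CONFIG) -> List[Dict]:
    """Flag connections to the host:port named in the extracted SMTP config."""
    return [{"pid": ev.pid, "host": ev.host, "port": ev.port} for ev in events
            if ev.host and ev.host.lower() == config["host"] and ev.port == config["port"]]


def triage(events: List[ApiEvent]) -> Dict[str, List[Dict]]:
    return {"process_hollowing": detect_process_hollowing(events),
            "vbc_execution": detect_vbc_execution(events),
            "ip_lookup": detect_ip_lookup(events),
            "exfil_channel": detect_exfil_channel(events)}


SAMPLE = r"C:\Users\victim\Desktop\NDt93WWQwd089H7.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
MSBUILD = r"C:\Program Files\MSBuild\MSBuild.exe"

# Constructed trace (assumption, not sandbox output): the loader hollows vbc.exe,
# the hollowed child looks up its public IP and connects to the configured SMTP
# server. A genuine msbuild -> vbc build and a self-targeted SetThreadContext are
# included as benign controls that must not fire.
SAMPLE_TRACE = [
    ApiEvent(1, 1000, SAMPLE, "CreateProcessW", target_pid=1100, target_image=VBC, flags=CREATE_SUSPENDED),
    ApiEvent(2, 1000, SAMPLE, "NtUnmapViewOfSection", target_pid=1100),
    ApiEvent(3, 1000, SAMPLE, "WriteProcessMemory", target_pid=1100),
    ApiEvent(4, 1000, SAMPLE, "SetThreadContext", target_pid=1100),
    ApiEvent(5, 1000, SAMPLE, "ResumeThread", target_pid=1100),
    ApiEvent(6, 1100, VBC, "InternetOpenUrlW", host="checkip.dyndns.org", port=80),
    ApiEvent(7, 1100, VBC, "connect", host="smtp.privateemail.com", port=587),
    ApiEvent(8, 2000, MSBUILD, "CreateProcessW", target_pid=2100, target_image=VBC, flags=0),
    ApiEvent(9, 3000, r"C:\Windows\System32\dwm.exe", "SetThreadContext", target_pid=3000),
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_TRACE), indent=2))
```

The hollowing detector reports any cross-process SetThreadContext, mirroring the report's "Suspicious use of SetThreadContext" signature, and marks the finding `complete` only when the full suspended-create, write, context-set, resume sequence was observed in order; the two controls at the end of the trace (a real build tool spawning vbc.exe and a process touching its own thread context) produce no findings.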