General
-
Target
16dd48e7a6240b44d87f9f2732051a6cd0c1b74c1fff59db7c91eb6fe7bfafab
-
Size
688KB
-
Sample
220222-tajy9sbgcj
-
MD5
24292e5f46b397720a01668fe8489c6f
-
SHA1
8f8e3d051613707dc9dace1b7bd6da4f97ad6bc7
-
SHA256
16dd48e7a6240b44d87f9f2732051a6cd0c1b74c1fff59db7c91eb6fe7bfafab
-
SHA512
978bbfb73c439de8ffa1d8b224f66d3f906465c6081a08f1aac30a84d5ea80dc63a639411de91583f71e13f8088b408dc3637d9491d64a9440e5c15808763cf8
Static task
static1
Behavioral task
behavioral1
Sample
16dd48e7a6240b44d87f9f2732051a6cd0c1b74c1fff59db7c91eb6fe7bfafab.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
16dd48e7a6240b44d87f9f2732051a6cd0c1b74c1fff59db7c91eb6fe7bfafab.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: [email protected]
Password: Paneinh1!
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-