General
-
Target
15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e
-
Size
521KB
-
Sample
220222-tzdhsacbek
-
MD5
b885a4a71af4f20f080b2974b91dda9c
-
SHA1
cb9eab801c7227895f6cbdd5d4de21d3cfe651fb
-
SHA256
15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e
-
SHA512
0d5e4c9e29b50f0b768ce1658ab3b3ea875176f78beb616fb0cd7729b196e878f6412ae99e807e5b705f89d1e84a1465b174531d7d0273ef2453154c60c09664
Static task
static1
Behavioral task
behavioral1
Sample
15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp- Host:
smtp.outlook.com - Port:
587 - Username:
[email protected] - Password:
123nuri123
Targets
-
-
Target
15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e
-
Size
521KB
-
MD5
b885a4a71af4f20f080b2974b91dda9c
-
SHA1
cb9eab801c7227895f6cbdd5d4de21d3cfe651fb
-
SHA256
15ac6cc8b1490d0a439f8172b537f2b953a937eee53da136367c91b61aa4ab1e
-
SHA512
0d5e4c9e29b50f0b768ce1658ab3b3ea875176f78beb616fb0cd7729b196e878f6412ae99e807e5b705f89d1e84a1465b174531d7d0273ef2453154c60c09664
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-