General
-
Target
13acf3afe890b8936caa7d325b6115b1650786106b9caa7517272807481f3217
-
Size
300KB
-
Sample
220222-vzt17sbeg5
-
MD5
8ef69772939ffb908c5b40e9cb35fd82
-
SHA1
8708391801570d0f9f3a527a755761a1736824b1
-
SHA256
13acf3afe890b8936caa7d325b6115b1650786106b9caa7517272807481f3217
-
SHA512
ecec5b13723d759f3e334dbb95fca62a7a685c6c078fac439d729eae9534b82fd3c747d2b8b38063ff2cce36605db3bca34e6e469dbb2e5a7fe362da74b3736a
Static task
static1
Behavioral task
behavioral1
Sample
13acf3afe890b8936caa7d325b6115b1650786106b9caa7517272807481f3217.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
13acf3afe890b8936caa7d325b6115b1650786106b9caa7517272807481f3217.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: newyork234
Targets
-
-
Target
13acf3afe890b8936caa7d325b6115b1650786106b9caa7517272807481f3217
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-