General
- Target: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8
- Size: 520KB
- Sample: 220222-w1h6rscbe2
- MD5: 73a808e8b6f31620e4ae17f60e707900
- SHA1: 192bfeb175f9acd985357b7c15824e188975038e
- SHA256: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8
- SHA512: 5827bfbeb9fa2e617ec5a8afc54a3fca19212fae94be0e16154057be71275f149f5eda17ba2eb65598f26d20f28f70555e81ea82a46676c67bfe7bb824c45418
Static task: static1
Behavioral task: behavioral1
- Sample: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8.exe
- Resource: win10v2004-en-20220112
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.vivaldi.net
- Port: 587
- Username: [email protected]
- Password: Crosstown123
Targets
- Target: 1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext