General
-
Target
1042650e65868ec4b6f9ff04f29b9fbc64cfd565564fec7c3f4f239fb157c783
-
Size
506KB
-
Sample
220222-xd7fhscdd9
-
MD5
12ec668e83b3888c07f46ae1288c7cba
-
SHA1
b12be2f342c2aba4237b913186db8c4126435065
-
SHA256
1042650e65868ec4b6f9ff04f29b9fbc64cfd565564fec7c3f4f239fb157c783
-
SHA512
5dda8fe3b1d25d6f24b408a6c76a00bfc0d73a9362c496e39fd03aeb7999ddc3632bfa2bed948dcb697f422e32716da7174c578d614ac06a6f25d5f97b1c9a88
Static task
static1
Behavioral task
behavioral1
Sample
1042650e65868ec4b6f9ff04f29b9fbc64cfd565564fec7c3f4f239fb157c783.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1042650e65868ec4b6f9ff04f29b9fbc64cfd565564fec7c3f4f239fb157c783.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
damiangoogle10
Targets
-
-
Target
1042650e65868ec4b6f9ff04f29b9fbc64cfd565564fec7c3f4f239fb157c783
-
Size
506KB
-
MD5
12ec668e83b3888c07f46ae1288c7cba
-
SHA1
b12be2f342c2aba4237b913186db8c4126435065
-
SHA256
1042650e65868ec4b6f9ff04f29b9fbc64cfd565564fec7c3f4f239fb157c783
-
SHA512
5dda8fe3b1d25d6f24b408a6c76a00bfc0d73a9362c496e39fd03aeb7999ddc3632bfa2bed948dcb697f422e32716da7174c578d614ac06a6f25d5f97b1c9a88
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-