General
- Target: 02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b
- Size: 521KB
- Sample: 220223-a2nxrafha9
- MD5: 50fb186f2663f64a4b3181586f2eaed6
- SHA1: 9a7057485882a894e9488aa21f8738f53de4f544
- SHA256: 02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b
- SHA512: 372cd9bf61951ab72790324f420d30cf8838578fbe19cddbba81acdbdc566fa12f6cb5eb603d35d0333b626b29e1124b1f05049f2f80ac9eb6fc9346e6207643
Static task: static1
Behavioral task: behavioral1
- Sample: 02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 02908f22999d26348b352b505c17a88fcee5ccdc599d616fcb667a6afa99b42b.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
- Protocol: smtp
- Host: mail.yahlabs.com
- Port: 587
- Username: [email protected]
- Password: K#XTi1TB1^w%
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext