General
- Target: 03498c1196a497cdd25977ff05dd64629a647b20374fd20ab3114733b472e373
- Size: 609KB
- Sample: 220223-apk1bsffg3
- MD5: eeb6530069c539c57f24dc652e1a7f28
- SHA1: 95eeac443cb805d028fa977248bf1143d40f73c7
- SHA256: 03498c1196a497cdd25977ff05dd64629a647b20374fd20ab3114733b472e373
- SHA512: a9343c0745a84ea026ede72c42d889e119535558e134ddcb4bc3db356219a95dd57abf9dd6bf2a98b29bd03a7e29a7b047cceb6cd47623bff70f78ff00bc2406
Static task: static1

Behavioral task: behavioral1
- Sample: 03498c1196a497cdd25977ff05dd64629a647b20374fd20ab3114733b472e373.exe
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: 03498c1196a497cdd25977ff05dd64629a647b20374fd20ab3114733b472e373.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.mail.com
- Port: 587
- Username: [email protected]
- Password: @Ola03004391090
Targets
- Target: 03498c1196a497cdd25977ff05dd64629a647b20374fd20ab3114733b472e373
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext