General
-
Target
03493e2defba9a1c9f4aef6ff4b37ca46c34d8f928be2941a8ef334d4efa52bf
-
Size
505KB
-
Sample
220223-apnq8affg4
-
MD5
65c22148ae3bf3dc44fa71465d5e7385
-
SHA1
2c8e4e8de1df7a5b8cbc9c82cad3412ac2ba7d6d
-
SHA256
03493e2defba9a1c9f4aef6ff4b37ca46c34d8f928be2941a8ef334d4efa52bf
-
SHA512
ae7d4dcedf3ccc959586e68764066c977d45383d64cf56b61db8779b4c5dcc90107b6ba2fd8f1175740ce19320dcd3c26d048404bd641c4a7fd57ef445b0040d
Static task
static1
Behavioral task
behavioral1
Sample
03493e2defba9a1c9f4aef6ff4b37ca46c34d8f928be2941a8ef334d4efa52bf.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
03493e2defba9a1c9f4aef6ff4b37ca46c34d8f928be2941a8ef334d4efa52bf.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
XXCVGREHGE
Targets
-
-
Target
03493e2defba9a1c9f4aef6ff4b37ca46c34d8f928be2941a8ef334d4efa52bf
-
Size
505KB
-
MD5
65c22148ae3bf3dc44fa71465d5e7385
-
SHA1
2c8e4e8de1df7a5b8cbc9c82cad3412ac2ba7d6d
-
SHA256
03493e2defba9a1c9f4aef6ff4b37ca46c34d8f928be2941a8ef334d4efa52bf
-
SHA512
ae7d4dcedf3ccc959586e68764066c977d45383d64cf56b61db8779b4c5dcc90107b6ba2fd8f1175740ce19320dcd3c26d048404bd641c4a7fd57ef445b0040d
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-