General
Target: 02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740
Size: 520KB
Sample: 220223-ave19sfgc5
MD5: 949f2fc9c985e3182200118a59dd0f49
SHA1: b80935447e8ad0d9bc97b0362907fbbc3fb58fff
SHA256: 02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740
SHA512: 5863f812fe4900bbb17ecedc99fbd544c8d9212ac5f0cd362a3c0c6b873df4877af87ab8d0993e33c6a8f57d150868be7fd26bfa3fce1d4797cad3306d20c8a8
Static task: static1
Behavioral task: behavioral1
Sample: 02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: 8903Sergey
Targets
-
Target: 02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740
Size: 520KB
MD5: 949f2fc9c985e3182200118a59dd0f49
SHA1: b80935447e8ad0d9bc97b0362907fbbc3fb58fff
SHA256: 02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740
SHA512: 5863f812fe4900bbb17ecedc99fbd544c8d9212ac5f0cd362a3c0c6b873df4877af87ab8d0993e33c6a8f57d150868be7fd26bfa3fce1d4797cad3306d20c8a8
NirSoft MailPassView
Password recovery tool for various email clients.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers.
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext