General
Target: 0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1
Size: 574KB
Sample: 220223-b5r91sgdc4
MD5: 598f37dd80e9fbc97ffdfa5b1b614a08
SHA1: c3c69c95b39a98d1a7aacdc7c8b79deeabdbe741
SHA256: 0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1
SHA512: a1077283ac6cff229b8ada6ea3a038048844cfc33ec972ecc5ea79a003a9ae64c5bb2de8f30e40a8f402eb23591f5744b56c919046ac670474d34bad4967d4d9
Static task: static1
Behavioral task: behavioral1
  Sample: 0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1.exe
  Resource: win10v2004-en-20220112
Malware Config
Extracted
Protocol: smtp
Host: smtp.aol.com
Port: 587
Username: [email protected]
Password: hackersven1
Targets
Target: 0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1
Size: 574KB
MD5: 598f37dd80e9fbc97ffdfa5b1b614a08
SHA1: c3c69c95b39a98d1a7aacdc7c8b79deeabdbe741
SHA256: 0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1
SHA512: a1077283ac6cff229b8ada6ea3a038048844cfc33ec972ecc5ea79a003a9ae64c5bb2de8f30e40a8f402eb23591f5744b56c919046ac670474d34bad4967d4d9
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application (persistence through a value under a Run registry key)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext (commonly seen with process hollowing and other thread-hijacking injection)
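The behaviours flagged above (Run-key persistence, the external IP lookup, SMTP traffic to the host and port from the extracted config, and the VBS compiler being used as an execution host) can be turned into simple detection logic. The Python below is an added example and is not part of this report or the sandbox's own signature code. It runs over constructed Sysmon-style events, not logs from this sample; the set of IP lookup domains is an assumption, since the report does not name the service used; and it assumes the "Uses the VBS compiler for execution" signature refers to vbc.exe being launched by a non-build process. The hash constants are copied from the report; the extracted credentials are deliberately left out.

```python
import hashlib
import ntpath
import re

# Hashes as listed in the report (the SHA256 is also the target name).
REPORT_SHA256 = "0072aae7e77e88fe4a66bcf63d5d67c64512c1e0d1d73d300dac24e61a6997e1"
REPORT_MD5 = "598f37dd80e9fbc97ffdfa5b1b614a08"

# Exfiltration endpoint from the extracted config (credentials omitted on purpose).
EXFIL_HOST, EXFIL_PORT = "smtp.aol.com", 587

# Assumption: the report does not say which lookup service the sample used;
# these are common ones seen with the "Looks up external IP address" behaviour.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# "Adds Run key to start application": any value written under a Run/RunOnce key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Processes expected to speak SMTP; anything else on a submission port is suspicious.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}

# Assumption: "Uses the VBS compiler for execution" means vbc.exe hosting injected code;
# a vbc.exe whose parent is a build tool is treated as benign.
BUILD_TOOLS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def is_reported_sample(data: bytes) -> bool:
    """True only if the bytes hash to the values this report lists for the sample."""
    return (hashlib.sha256(data).hexdigest() == REPORT_SHA256
            and hashlib.md5(data).hexdigest() == REPORT_MD5)


def detect(events):
    """Return (rule_name, event) pairs for each event matching one of the report's behaviours."""
    findings = []
    for ev in events:
        img = basename(ev.get("image", ""))
        kind = ev["type"]
        if kind == "registry_set" and RUN_KEY_RE.search(ev["target"]):
            findings.append(("run_key_persistence", ev))
        elif kind == "dns" and ev["query"].lower() in IP_LOOKUP_DOMAINS:
            findings.append(("external_ip_lookup", ev))
        elif kind == "network" and ev["dst_port"] in SMTP_PORTS and img not in MAIL_CLIENTS:
            # Keying on the process rather than the host: smtp.aol.com is a legitimate
            # service, so the host alone would be a weak indicator.
            known = ev["dst_host"].lower() == EXFIL_HOST and ev["dst_port"] == EXFIL_PORT
            findings.append(("smtp_exfil_known_host" if known else "smtp_from_non_mail_client", ev))
        elif kind == "process" and img == "vbc.exe" and basename(ev.get("parent", "")) not in BUILD_TOOLS:
            findings.append(("vbc_spawned_by_non_build_tool", ev))
    return findings


# Constructed Sysmon-style events for illustration; these are NOT logs from the sample.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
EVENTS = [
    {"type": "process", "image": SAMPLE, "parent": r"C:\Windows\explorer.exe"},
    {"type": "registry_set", "image": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "details": r"C:\Users\user\AppData\Roaming\WindowsUpdate.exe"},
    {"type": "process", "image": VBC, "parent": SAMPLE},
    {"type": "dns", "image": VBC, "query": "checkip.dyndns.org"},
    {"type": "network", "image": VBC, "dst_host": "smtp.aol.com", "dst_port": 587},
    # Benign noise that must not fire:
    {"type": "network", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dst_host": "smtp.office365.com", "dst_port": 587},
    {"type": "process", "image": VBC, "parent": r"C:\Program Files\dotnet\dotnet.exe"},
    {"type": "registry_set", "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName",
     "details": "Foo"},
]

if __name__ == "__main__":
    for rule, ev in detect(EVENTS):
        detail = ev.get("target") or ev.get("query") or ev.get("dst_host") or ev.get("parent")
        print(f"{rule:32} {basename(ev['image']):12} {detail}")
```

Run stand-alone it prints four findings for the constructed events (the Run key write, vbc.exe launched by the sample, the IP lookup query, and the SMTP connection to smtp.aol.com:587 from vbc.exe) and stays silent on the Outlook, dotnet-spawned vbc.exe and msiexec noise. `is_reported_sample` is the check to run on a file before comparing its behaviour with this report, since the report's hashes identify exactly one binary.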