General
-
Target
01628ca098f010c03b94373cc25dd3aa08a2bf44a5df590f0538505c8ebccb31
-
Size
677KB
-
Sample
220223-bpq21sheep
-
MD5
68f6899bccd94781c168e5f6f0bf3a5c
-
SHA1
365f7d053c93bd0653172b5fa66389b4683c42f7
-
SHA256
01628ca098f010c03b94373cc25dd3aa08a2bf44a5df590f0538505c8ebccb31
-
SHA512
001aaf6177f377731038d205dce8a220786a1a158f3aa9a691f0ecf7b5b9e90aa82b703ded3e75a369092e647741b07c31bce3fb55c030626c613dd5788b2753
Static task
static1
Behavioral task
behavioral1
Sample
01628ca098f010c03b94373cc25dd3aa08a2bf44a5df590f0538505c8ebccb31.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
01628ca098f010c03b94373cc25dd3aa08a2bf44a5df590f0538505c8ebccb31.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
martinich22
Targets
-
-
Target
01628ca098f010c03b94373cc25dd3aa08a2bf44a5df590f0538505c8ebccb31
-
Size
677KB
-
MD5
68f6899bccd94781c168e5f6f0bf3a5c
-
SHA1
365f7d053c93bd0653172b5fa66389b4683c42f7
-
SHA256
01628ca098f010c03b94373cc25dd3aa08a2bf44a5df590f0538505c8ebccb31
-
SHA512
001aaf6177f377731038d205dce8a220786a1a158f3aa9a691f0ecf7b5b9e90aa82b703ded3e75a369092e647741b07c31bce3fb55c030626c613dd5788b2753
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-