General
- Target: 011b1cf689d5fe18e8ee572209a1bc23a9d904e7075f4a9ef75dae093f988d87
- Size: 673KB
- Sample: 220223-bt3xdahfck
- MD5: 0f4c9e0582c77d8a5cd6532de4297f76
- SHA1: 1f870df3cf70c0ce7fd451a5e07b10d7dd564c5c
- SHA256: 011b1cf689d5fe18e8ee572209a1bc23a9d904e7075f4a9ef75dae093f988d87
- SHA512: eb49b81ac248eed4c49bcf1ed2be2e858d1e8c77d62bbdded947db39c67124d237763efa98e522df60f8c81eb2a2886bf75fe8419cfb90d2773687c8b9ded165
Static task
- static1
Behavioral task
- behavioral1
- Sample: 011b1cf689d5fe18e8ee572209a1bc23a9d904e7075f4a9ef75dae093f988d87.exe
- Resource: win7-en-20211208
Behavioral task
- behavioral2
- Sample: 011b1cf689d5fe18e8ee572209a1bc23a9d904e7075f4a9ef75dae093f988d87.exe
- Resource: win10v2004-en-20220112
Malware Config
Extracted
- Protocol: ftp
- Host: files.000webhost.com
- Port: 21
- Username: eagle-eyed-breakdow
Targets
- Target: 011b1cf689d5fe18e8ee572209a1bc23a9d904e7075f4a9ef75dae093f988d87
- Size: 673KB
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext