General
- Target: 0be2fd26cdd52bc071b076fc7350077db4962173366192cbc9870df8b3cb234c
- Size: 976KB
- Sample: 220226-lql5kaacf3
- MD5: ab0e982a52e2b90858413c0b49102fa1
- SHA1: 28b4bd9790d00b2b8287f15e8c6b6a29661e8cf0
- SHA256: 0be2fd26cdd52bc071b076fc7350077db4962173366192cbc9870df8b3cb234c
- SHA512: 5e3cfe9999288a63fcbad2cd69927b9ad062683014e15a4c483053bfa446d9bb7b1af58a5c0cc57271d615471548c219aefebb051748e9790e0adda82b412f10
Static task: static1
Behavioral task: behavioral1
- Sample: 0be2fd26cdd52bc071b076fc7350077db4962173366192cbc9870df8b3cb234c.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 0be2fd26cdd52bc071b076fc7350077db4962173366192cbc9870df8b3cb234c.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.urban.co.th
- Port: 587
- Username: [email protected]
- Password: Urban@1143
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext