General
-
Target
e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01
-
Size
388KB
-
Sample
220308-bhme9aabe6
-
MD5
590ee18dafe3c592016add9a1f5ea3e1
-
SHA1
2d85ba5a4880d2a2970bb886d18aefc1ddfe199e
-
SHA256
e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01
-
SHA512
afd6c7032e6c9fb2d87f878ceb1a0549797dfe9c375e5db011a2ad032faa562119aebac84ab95b2b1b57c8ae1841ab13519a16a6c2c820b5f82191cf70823e8d
Static task
static1
Behavioral task
behavioral1
Sample
e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: webber198@#
Targets
-
Target
e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01
-
Size
388KB
-
MD5
590ee18dafe3c592016add9a1f5ea3e1
-
SHA1
2d85ba5a4880d2a2970bb886d18aefc1ddfe199e
-
SHA256
e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01
-
SHA512
afd6c7032e6c9fb2d87f878ceb1a0549797dfe9c375e5db011a2ad032faa562119aebac84ab95b2b1b57c8ae1841ab13519a16a6c2c820b5f82191cf70823e8d
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
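The signature list above is the sandbox's behavioural verdict for this sample. The following is an added example, not the sandbox vendor's or the page's own code, showing how a defender can re-check the same behaviours against Sysmon-style process, file, registry, DNS and network events from an endpoint. The events are constructed to mirror this report: the dropped file name, the choice of vbc.exe as the process that performs the IP lookup and the SMTP connection, the list of IP-lookup hostnames and the mail-client allowlist are all assumptions. "Suspicious use of SetThreadContext" is an API-level signature that Sysmon does not record, so it is deliberately not covered here.

```python
"""Re-check the report's behavioural signatures over Sysmon-style events.

Added example; not code from the sandbox page or its vendor. Events are
constructed for this demo. Event IDs follow Sysmon: 1 = process create,
3 = network connect, 11 = file create, 13 = registry value set, 22 = DNS.
"""
import os
from collections import defaultdict

SAMPLE = ("C:\\Users\\victim\\Desktop\\"
          "e0dcfb7f37056df8298bd6656b8d40116727aed478f04fc8fd5bcc8532e54d01.exe")
DROPPED = "C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe"   # assumed name
VBC = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"
OUTLOOK = "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"

# Constructed events mirroring the report: sample runs, drops an EXE, the
# dropped EXE sets a Run key and launches vbc.exe, which then does the IP
# lookup and the SMTP connection (assumed chain). The last event is benign
# noise that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft"
                     "\\Windows\\CurrentVersion\\Run\\svchost32",
     "Details": DROPPED},
    {"EventID": 1, "Image": VBC, "ParentImage": DROPPED},
    {"EventID": 22, "Image": VBC, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": VBC, "DestinationHostname": "smtp.gmail.com",
     "DestinationPort": 587},
    {"EventID": 3, "Image": OUTLOOK, "DestinationHostname": "smtp.office365.com",
     "DestinationPort": 587},
]

RUN_KEY_MARKER = "\\currentversion\\run\\"
# The report does not name the lookup service; this list is an assumption.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "ip-api.com",
                   "icanhazip.com"}
MAIL_PORTS = {25, 465, 587}
# Processes expected to speak SMTP (assumed allowlist); anything else on a
# mail port is reported, which is what catches the smtp.gmail.com:587 exfil.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}


def basename(path):
    """Case-folded file name of a Windows path, portable across OSes."""
    return os.path.basename(path.replace("\\", "/")).lower()


def run_signatures(events):
    """Return {signature name: [details]} for the signatures that fired."""
    hits = defaultdict(list)
    dropped = set()  # .exe paths written by any process, for "dropped EXE"
    for ev in events:
        eid = ev["EventID"]
        img = basename(ev["Image"])
        if eid == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            if ev["Image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev["Image"])
            if img == "vbc.exe":
                hits["Uses the VBS compiler for execution"].append(
                    f"{basename(ev['ParentImage'])} -> vbc.exe")
        elif eid == 13 and RUN_KEY_MARKER in ev["TargetObject"].lower():
            hits["Adds Run key to start application"].append(ev["TargetObject"])
        elif eid == 22 and ev["QueryName"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(
                ev["QueryName"])
        elif (eid == 3 and ev["DestinationPort"] in MAIL_PORTS
              and img not in MAIL_CLIENT_ALLOWLIST):
            hits["Unexpected SMTP connection"].append(
                f"{img} -> {ev['DestinationHostname']}:{ev['DestinationPort']}")
    return dict(hits)


if __name__ == "__main__":
    for name, details in run_signatures(SAMPLE_EVENTS).items():
        print(name)
        for d in details:
            print("   ", d)
```

The "Unexpected SMTP connection" rule is the endpoint-side counterpart of the extracted config: a non-mail-client process opening port 587 to smtp.gmail.com is the observable that matches the credentials above, and the Outlook event shows why an allowlist is needed to keep the rule from firing on legitimate mail traffic.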