General
- Target: 6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
- Size: 1.0MB
- Sample: 220309-t8h5maaga5
- MD5: 5e8183e3395b2c6c6ac39d40d28f3f8a
- SHA1: f51db7e5d9dd7de25ee9b094a25a2fa593e8040d
- SHA256: 6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
- SHA512: be4138a2672d98822ec75b6892cd84120b2aee166bd332d961db812e8acd0c60f53fb7626aa29192304fcf6d9c1de09197959cd477d95c34c7a761fe5142731a
Static task: static1

Behavioral task: behavioral1
- Sample: 6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
- Resource: win7-20220223-en

Behavioral task: behavioral2
- Sample: 6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.mail.com
- Port: 587
- Username: diplomat.thomasfletcher@post.com
- Password: Lordcardo31
Targets
- Target: 6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
- Size: 1.0MB
- MD5: 5e8183e3395b2c6c6ac39d40d28f3f8a
- SHA1: f51db7e5d9dd7de25ee9b094a25a2fa593e8040d
- SHA256: 6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
- SHA512: be4138a2672d98822ec75b6892cd84120b2aee166bd332d961db812e8acd0c60f53fb7626aa29192304fcf6d9c1de09197959cd477d95c34c7a761fe5142731a
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext