General
-
Target
5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a
-
Size
471KB
-
Sample
220310-swvgfsbedq
-
MD5
69d1b4bbb4314b3cbae969ed8e0b0364
-
SHA1
dab00433f178d9a9ed8695db99d0222aa25b7d7a
-
SHA256
5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a
-
SHA512
413839b33cb434bb488a4995d88f5ec965738634e061e5eb64c785fd5657e726f202169946858f16687882b0fc44002722b599c01fd18dfd5584cb091b4f5662
Static task
static1
Behavioral task
behavioral1
Sample
5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a.exe
Resource
win10v2004-20220310-en
Malware Config
Extracted
Protocol: ftp
Host: files.000webhost.com
Port: 21
Username: smok
Targets
-
Target
5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a
-
Size
471KB
-
MD5
69d1b4bbb4314b3cbae969ed8e0b0364
-
SHA1
dab00433f178d9a9ed8695db99d0222aa25b7d7a
-
SHA256
5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a
-
SHA512
413839b33cb434bb488a4995d88f5ec965738634e061e5eb64c785fd5657e726f202169946858f16687882b0fc44002722b599c01fd18dfd5584cb091b4f5662
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
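Hunt rules for the behaviours this report lists, run over constructed Sysmon-style events. This is an added example, not part of the sandbox report or its tooling. It takes from the report the extracted FTP config (files.000webhost.com, port 21, user smok), the Run-key persistence, the external-IP lookup and the use of vbc.exe for execution; the event field names, the IP-lookup host list, the "legitimate parent" list for vbc.exe and every sample event are assumptions. SetThreadContext is an API-level observation the sandbox made and has no Sysmon event of its own, so the vbc.exe-spawned-by-a-non-build-process rule stands in for it on the host. The FTP helper shows why the clear-text protocol matters: the login name is readable on the wire.

```python
"""Hunt rules for the behaviours in this report, run over constructed
Sysmon-style events.  Example code, not part of the sandbox report.

From the report: FTP exfiltration to files.000webhost.com:21 as user
'smok', a Run-key autostart, an external-IP lookup, vbc.exe used for
execution.  Assumed: the event field names (Sysmon EventID 1/3/13 layout),
the IP-lookup host list, the 'legitimate parent' list for vbc.exe, and
every sample event below.
"""

# Indicators copied from the report's extracted config and hashes.
FTP_HOST = "files.000webhost.com"
FTP_PORT = 21
FTP_USER = "smok"
SAMPLE_SHA256 = "5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a"

# Assumption: services commonly used for "what is my IP" lookups; the report
# does not name the one this sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# Assumption: parents for which launching vbc.exe is expected (build tooling).
# Any other parent, e.g. a dropped executable in %TEMP%, is the hollowing pattern.
VBC_LEGIT_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}

RUN_KEY_FRAGMENT = "\\software\\microsoft\\windows\\currentversion\\run\\"


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(ev):
    """Names of the report's behaviours that one event matches (possibly several)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation
        if (_basename(ev.get("Image", "")) == "vbc.exe"
                and _basename(ev.get("ParentImage", "")) not in VBC_LEGIT_PARENTS):
            hits.append("vbc_exe_execution")
    elif eid == 13:  # registry value set
        if RUN_KEY_FRAGMENT in ev.get("TargetObject", "").lower():
            hits.append("run_key_persistence")
    elif eid == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower()
        if host == FTP_HOST and ev.get("DestinationPort") == FTP_PORT:
            hits.append("ftp_exfil_c2")
        if host in IP_LOOKUP_HOSTS:
            hits.append("external_ip_lookup")
    return hits


def scan(events):
    """(event index, rule name) pairs for every hit across a list of events."""
    return [(i, rule) for i, ev in enumerate(events) for rule in detect(ev)]


def ftp_user_from_payload(data):
    """Username from FTP control-channel bytes.  FTP is clear text, so the
    client's 'USER <name>' line is readable on the wire; server replies start
    with a three-digit code and are skipped."""
    for line in data.split(b"\r\n"):
        if line[:5].upper() == b"USER ":
            return line[5:].strip().decode("ascii", "replace")
    return None


def ftp_login_is_reported_account(data):
    """True when a captured FTP login uses the account from the report's config."""
    return ftp_user_from_payload(data) == FTP_USER


# Constructed events; the parent/child paths and registry value are made up
# to look like what this sample's behaviour would produce on a host.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\5a742170f7246502f1f680e271cac7da1b6f47f93830c59ea8486108caaa0e4a.exe"},
    {"EventID": 1,  # benign: build tooling launching the compiler
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\MSBuild\Current\Bin\MSBuild.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\user\AppData\Roaming\WindowsUpdate.exe"},
    {"EventID": 3, "DestinationHostname": "files.000webhost.com", "DestinationPort": 21},
    {"EventID": 3, "DestinationHostname": "api.ipify.org", "DestinationPort": 80},
    {"EventID": 3, "DestinationHostname": "www.microsoft.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
    print(ftp_login_is_reported_account(b"220 Welcome\r\nUSER smok\r\n331 Password required\r\n"))
```

The FTP host and port alone are weak indicators because 000webhost is a shared hosting service; pairing the destination with the USER line from a packet capture, or with the vbc.exe spawn and Run-key write on the same host, is what makes the hit worth acting on.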