General
Target: 3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4
Size: 628KB
Sample: 220311-a7149sdhc4
MD5: e4fa59bead098cee4eada7bc3206f6bd
SHA1: 79ebc794d26b0bb9759974c018c7e74d81bec124
SHA256: 3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4
SHA512: 7579b603f2a3877e22abf0403ff1c6f2b601974ecd7e2d1cef0ce21143ea22ebf17e05faa0015b1317e3a3aa6b3313aae94307d38a1704679161fbb1a39c8914
Static task: static1
Behavioral task: behavioral1
  Sample: 3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4.exe
  Resource: win7-20220223-en
Behavioral task: behavioral2
  Sample: 3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: Drachen123!
These are the operator's own mailbox credentials, hard-coded so the stealer can mail harvested data to itself over SMTP submission (TCP 587, STARTTLS on Gmail). The username appears above only as the page's obfuscated placeholder, not the real address, so do not pivot on it. The host is legitimate; the usable network indicator is an SMTP session to smtp.gmail.com:587 from a process that has no business sending mail.
Targets
Target: 3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4
Size: 628KB
MD5: e4fa59bead098cee4eada7bc3206f6bd
SHA1: 79ebc794d26b0bb9759974c018c7e74d81bec124
SHA256: 3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4
SHA512: 7579b603f2a3877e22abf0403ff1c6f2b601974ecd7e2d1cef0ce21143ea22ebf17e05faa0015b1317e3a3aa6b3313aae94307d38a1704679161fbb1a39c8914
Signatures
NirSoft MailPassView
A legitimate password recovery tool for various email clients, bundled by the sample to harvest stored mail-client credentials.
NirSoft WebBrowserPassView
A legitimate password recovery tool for various web browsers, bundled for the same purpose.
Nirsoft
Tooling tag: embedded NirSoft recovery utilities were found in the sample.
Uses the VBS compiler for execution
Launches vbc.exe, the Visual Basic .NET compiler that ships with the .NET Framework (not a VBScript engine). It is a signed Microsoft binary and a common host for injected code.
Accesses Microsoft Outlook accounts
Reads Outlook profile and account data from the registry.
Adds Run key to start application
Persists by writing a value under a Run key in the registry.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Writes a thread context into another process. On its own this is not conclusive, but together with the vbc.exe launch above it matches the process-hollowing pattern, in which a legitimate binary is started suspended, its image is replaced, and execution is redirected before the thread is resumed.
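To turn the extracted config and the signature list above into something a SOC can test, the following is an added example (not the sandbox's own rule code or log format) that re-derives each signature from process, API, registry and network telemetry. The event records are constructed to mirror what the report states; the IP-lookup host list, the registry path patterns, the NirSoft string markers and the Run value name "updater" are assumptions introduced for the example.

```python
"""Rule logic that reproduces this report's behavioral signatures from
process, API, registry and network telemetry. Added example: the event
records are constructed to mirror what the report states and are not the
sandbox's own log format; host lists and registry paths are assumptions."""
import re

# Identifiers taken from the report.
SAMPLE_SHA256 = "3be48133e44005e49fd79e90ec772908de27525161c8f0d27dc56b0c5ff299b4"
SAMPLE_IMAGE = SAMPLE_SHA256 + ".exe"
# Extracted exfiltration config (the page shows the username only as a placeholder).
EXFIL_SMTP = {"host": "smtp.gmail.com", "port": 587}

CREATE_SUSPENDED = 0x4  # CreateProcess creation flag
# Assumed list of public IP-lookup services; extend as needed.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
OUTLOOK_RE = re.compile(r"\\Outlook\\Profiles\\|Windows Messaging Subsystem\\Profiles", re.I)
# Strings that identify the embedded NirSoft recovery tools (assumed markers).
NIRSOFT_MARKERS = {
    "NirSoft MailPassView": ("mailpv", "mail passview"),
    "NirSoft WebBrowserPassView": ("webbrowserpassview", "web browser passview"),
}


def detect(events):
    """Return the set of signature names triggered by an ordered event list."""
    hits = set()
    suspended = set()  # pids created suspended and not yet resumed
    for ev in events:
        t = ev["type"]
        if t == "process":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(ev["pid"])
            if ev["image"].lower().endswith("\\vbc.exe"):
                hits.add("Uses the VBS compiler for execution")
        elif t == "api":
            # Writing a thread context into a still-suspended child is the hollowing tell.
            if ev["name"] == "SetThreadContext" and ev["target_pid"] in suspended:
                hits.add("Suspicious use of SetThreadContext")
            if ev["name"] == "ResumeThread":
                suspended.discard(ev["target_pid"])
        elif t == "registry":
            if ev["op"] == "set" and RUN_KEY_RE.search(ev["key"]):
                hits.add("Adds Run key to start application")
            if ev["op"] == "read" and OUTLOOK_RE.search(ev["key"]):
                hits.add("Accesses Microsoft Outlook accounts")
        elif t == "network":
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if (host, ev["port"]) == (EXFIL_SMTP["host"], EXFIL_SMTP["port"]):
                hits.add("Connects to extracted SMTP exfiltration host")
        elif t == "strings":
            blob = " ".join(ev["strings"]).lower()
            for name, markers in NIRSOFT_MARKERS.items():
                if any(m in blob for m in markers):
                    hits.add(name)
                    hits.add("Nirsoft")
    return hits


def constructed_events():
    """Constructed telemetry shaped after the report's signature list (hypothetical paths)."""
    return [
        {"type": "process", "pid": 100, "ppid": 1, "image": "C:\\Users\\u\\" + SAMPLE_IMAGE},
        {"type": "strings", "pid": 100, "strings": ["MailPV", "WebBrowserPassView", "nirsoft"]},
        {"type": "registry", "pid": 100, "op": "set",
         "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
        {"type": "registry", "pid": 100, "op": "read",
         "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"},
        {"type": "process", "pid": 200, "ppid": 100, "flags": CREATE_SUSPENDED,
         "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"},
        {"type": "api", "pid": 100, "name": "SetThreadContext", "target_pid": 200},
        {"type": "api", "pid": 100, "name": "ResumeThread", "target_pid": 200},
        {"type": "network", "pid": 200, "host": "checkip.dyndns.org", "port": 80},
        {"type": "network", "pid": 200, "host": "smtp.gmail.com", "port": 587},
    ]


if __name__ == "__main__":
    for sig in sorted(detect(constructed_events())):
        print(sig)
```

The SetThreadContext rule deliberately fires only while the target process is still suspended, which is what separates hollowing from debuggers and other legitimate callers; the SMTP rule keys on the extracted host and port because the mailbox address on the page is a placeholder.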