General
-
Target
3bb66ff8b54e191bd80f8ac996c0b3376d1a62a88fa7c1944aa2ff2015c6296e
-
Size
572KB
-
Sample
220311-a94m6sghbk
-
MD5
dd60950e856c90f0b22b94067698ab73
-
SHA1
50cc436cbdd510d78d3e077ba45d5f8b854cf7e0
-
SHA256
3bb66ff8b54e191bd80f8ac996c0b3376d1a62a88fa7c1944aa2ff2015c6296e
-
SHA512
1da7c73863ba9834e162d56811486db594337f4c9fa26afa8f143703f3fa8a0a1a95a6232fc47d0e55212cb2099dd75c68b51844d6719fc8747367f4e92c9d8d
Static task
static1
Behavioral task
behavioral1
Sample
3bb66ff8b54e191bd80f8ac996c0b3376d1a62a88fa7c1944aa2ff2015c6296e.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
3bb66ff8b54e191bd80f8ac996c0b3376d1a62a88fa7c1944aa2ff2015c6296e.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
[email protected] - Password:
ApostolJord1q2w4r3e5t6y
Targets
-
-
Target
3bb66ff8b54e191bd80f8ac996c0b3376d1a62a88fa7c1944aa2ff2015c6296e
-
Size
572KB
-
MD5
dd60950e856c90f0b22b94067698ab73
-
SHA1
50cc436cbdd510d78d3e077ba45d5f8b854cf7e0
-
SHA256
3bb66ff8b54e191bd80f8ac996c0b3376d1a62a88fa7c1944aa2ff2015c6296e
-
SHA512
1da7c73863ba9834e162d56811486db594337f4c9fa26afa8f143703f3fa8a0a1a95a6232fc47d0e55212cb2099dd75c68b51844d6719fc8747367f4e92c9d8d
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-