General
-
Target
3b0fc9c97400ab41121b3a1cf62e22bd2c96d45d3f084a3d035a2e3bf816d135
-
Size
506KB
-
Sample
220311-bh3r8shafn
-
MD5
925465b092fa65c79c373445cb06a19c
-
SHA1
1211811d72cd360ebea54aab583f4be03b5ab14b
-
SHA256
3b0fc9c97400ab41121b3a1cf62e22bd2c96d45d3f084a3d035a2e3bf816d135
-
SHA512
72a5e97888d3948ffb763e7bd447f6d53319592500750fc997a08750f6bf7757f0546ddc7b958b4bed70ff55f592f6700c7fd62bda3e2d4f2a20a35a0fd6f8c5
Static task
static1
Behavioral task
behavioral1
Sample
3b0fc9c97400ab41121b3a1cf62e22bd2c96d45d3f084a3d035a2e3bf816d135.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
3b0fc9c97400ab41121b3a1cf62e22bd2c96d45d3f084a3d035a2e3bf816d135.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: fth53jf7dhhff48hlb
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-