General
-
Target
1720267c013b2a2146c0a04e6436d3e7d60c5a9344f58156f8eb0f938053dc81
-
Size
646KB
-
Sample
220520-2m6mssafhk
-
MD5
a702737ad60166f2d7a73cdfc5458f59
-
SHA1
2f920e5acaae78b4b64224a22506e2a149e3af3f
-
SHA256
1720267c013b2a2146c0a04e6436d3e7d60c5a9344f58156f8eb0f938053dc81
-
SHA512
7f291865ff803928df9ef5e17cfc3d4e485cf04f645f4129c649a713a1216170577e2c5b7a19d6fd7e948a1735d0576a8ad7fac849c53f7ca3788519c2b1de1c
Static task
static1
Behavioral task
behavioral1
Sample
Account Reconciliation.exe
Resource
win7-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.grandinnabalibeach.com
Port: 587
Username: [email protected]
Password: pur6188
Targets
-
-
Target
Account Reconciliation.exe
-
Size
734KB
-
MD5
110a88034d9e642e19edf614022f99a9
-
SHA1
5d7f28c30e7abf2795414f7b4276013853f3dc57
-
SHA256
8a2e8c8992d6372ae7d7e4dbb4a8352fa756b7dd4e4822ff0204c2717568812a
-
SHA512
fbeea4b1db2316a2ca5d6ea6517151e9433565a6a2641b51337f3f5c2d2a6c196e8dbd3c464a462f1abb87b8fcd0af258b3d1414a62a24e671ffc777856eeb59
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-