General
Target: cd9b7d834604e741eb8bd72a5e35dc247d3be63bdef4eca7d4209dc7b2cac802
Size: 719KB
Sample: 220520-3sx4aahea6
MD5: e6b8c5dfba95c02782ae93ae6a58ffcb
SHA1: ed6303d56558609110f788ed76131286f6d29371
SHA256: cd9b7d834604e741eb8bd72a5e35dc247d3be63bdef4eca7d4209dc7b2cac802
SHA512: c8d17fb68c80730644ca0976247fe4fea2025801c4e5bdd9da7eb674786aea196c0b9c2a3615a56c4d023e55638ad4cfbf76ecf2861591194b0979cd9d841153
These hashes identify the file that was submitted (719KB). The executable actually analysed is listed under Targets below with different hashes and a larger size (974KB), so the submission is presumably a container from which the sandbox unpacked the executable; when searching for this sample, use the Targets hashes for the executable itself.
Static task: static1
Behavioral task: behavioral1
Sample: LM Approved Invoices 081020.exe
Resource: win7-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.grandinnabalibeach.com
Port: 587
Username: [email protected]
Password: pur6188
The username shown is a placeholder left by the page capture, not the real mailbox address, which is not recoverable from this report. Port 587 is the SMTP submission port: the sample logs in to the actor's mailbox on this host with the extracted credentials and mails the harvested data there. The network indicator to hunt for is an outbound connection to mail.grandinnabalibeach.com on 587, or any 587 connection from a process that is not a mail client.
Targets
Target: LM Approved Invoices 081020.exe
Size: 974KB
MD5: 300326a042ccb921bda24ccf62542329
SHA1: ae25411bdd81c114d4b7126d786292a4fd8b5f4b
SHA256: 08543a93690c3bdcad96daea758571cec3515b8e10b80872a505d82ad73fe6be
SHA512: 8fc5d6ecb30400ea5914832a0721127ed84dc73f0c62ca551943463e950728859abf5f85500f3400932d190f73e70b018b81ef129ae530df9e0b38d3acb690e6
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
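As an added hunting example (not part of this sandbox report and not code from the sample), the script below turns the extracted SMTP configuration and the behavioural signatures into three host and network detection rules and runs them over a few constructed log lines. The simplified key="value" log format, the choice of vbc.exe as the "VBS compiler", the IP-lookup domain list, and the build-tool and mail-client allow lists are all assumptions made for this example rather than facts stated by the report.

```python
"""
Added hunting example, not part of the sandbox report or the sample itself.
It turns the extracted SMTP configuration and the behavioural signatures
into three detection rules and runs them over constructed log lines.

Assumptions (the report states none of these):
  * Log lines are simplified key="value" renderings of process creation,
    network connection and DNS query events (Sysmon-style fields).
  * "Uses the VBS compiler for execution" refers to vbc.exe; the report
    does not name the binary.
  * IP_LOOKUP_DOMAINS, BUILD_TOOL_PARENTS and MAIL_CLIENTS are example
    watch/allow lists chosen for illustration.
"""
import re
from dataclasses import dataclass

# Taken directly from the report's Malware Config block.
C2_SMTP_HOST = "mail.grandinnabalibeach.com"
C2_SMTP_PORT = 587

# Assumed example watch list; the report only says "a legitimate IP lookup service".
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Assumed: the compiler the "VBS compiler" signature refers to, and the
# parents that would legitimately launch it.
COMPILER_IMAGES = {"vbc.exe"}
BUILD_TOOL_PARENTS = {"devenv.exe", "msbuild.exe", "csc.exe", "vbc.exe"}

# Assumed: processes that legitimately use SMTP submission (port 587).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

KV_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class Finding:
    rule: str
    line: str


def parse_event(line: str) -> dict:
    """Parse one key="value" log line into a dict with lower-cased keys."""
    return {k.lower(): v for k, v in KV_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hunt(lines):
    """Apply the three rules to every line and return the findings in order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("event")
        image = basename(ev.get("image", ""))
        if kind == "process_create":
            parent = basename(ev.get("parentimage", ""))
            # Rule 1: a .NET compiler started by something that is not a build
            # tool (consistent with the hollowing suggested by SetThreadContext).
            if image in COMPILER_IMAGES and parent not in BUILD_TOOL_PARENTS:
                findings.append(Finding("compiler_spawned_by_unexpected_parent", line))
        elif kind == "dns_query":
            # Rule 2: external IP discovery via a public lookup service.
            if ev.get("queryname", "").lower() in IP_LOOKUP_DOMAINS:
                findings.append(Finding("external_ip_lookup", line))
        elif kind == "network_connect":
            host = ev.get("desthost", "").lower()
            port = int(ev.get("destport", "0"))
            # Rule 3: the known exfil host, or SMTP submission from a non-mail process.
            if host == C2_SMTP_HOST or (port == C2_SMTP_PORT and image not in MAIL_CLIENTS):
                findings.append(Finding("smtp_exfil", line))
    return findings


# Constructed sample events modelled on the report's behaviour; not real telemetry.
SAMPLE_LOG = [
    'event="process_create" Image="C:\\Users\\victim\\Downloads\\LM Approved Invoices 081020.exe" ParentImage="C:\\Windows\\explorer.exe"',
    'event="process_create" Image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" ParentImage="C:\\Users\\victim\\Downloads\\LM Approved Invoices 081020.exe"',
    'event="dns_query" Image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" QueryName="api.ipify.org"',
    'event="network_connect" Image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" DestHost="mail.grandinnabalibeach.com" DestPort="587"',
    # Benign noise that must not fire: a real mail client submitting mail, ordinary DNS.
    'event="network_connect" Image="C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE" DestHost="smtp.office365.com" DestPort="587"',
    'event="dns_query" Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" QueryName="www.example.com"',
]


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run as a script it prints the three findings (compiler spawned by the invoice executable, the IP-lookup DNS query, and the SMTP connection to the configured host) and stays silent on the Outlook and Firefox lines. The rules are deliberately independent so that one firing alone (for instance only the 587 connection from an unexpected process) is still worth triage when the other telemetry is missing.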