General

Target: f7d7c3c283891a3fdffccf5dbd1da3a841064cd393aed4eab3987dfb1d93a51c
Size: 1.5MB
Sample: 220520-qah57afgdl
MD5: 3b5a9ea183f1eb6123eda703aaa817a9
SHA1: e745ef2f8785eaf83e237ab3fb107ea664e23e5e
SHA256: f7d7c3c283891a3fdffccf5dbd1da3a841064cd393aed4eab3987dfb1d93a51c
SHA512: ee8ce891e478461abe8d91df4808566a35bb92671718ca5300f630ab30aadea201f224b5f0b1b1f0d2cb61bb6715a984c9730ff82d4cd087b944491d0cd14b24

Static task: static1
Behavioral task: behavioral1 (Sample: BANK_DET.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: BANK_DET.exe, Resource: win10v2004-20220414-en)
Behavioral task: behavioral3 (Sample: REVERSE_.exe, Resource: win7-20220414-en)
Behavioral task: behavioral4 (Sample: REVERSE_.exe, Resource: win10v2004-20220414-en)

Malware Config

Extracted
Protocol: smtp
Host: mail.aoki-shoten.com
Port: 587
Username: aokikazuhir@aoki-shoten.com
Password: Kumasi12345009

Targets

Target: BANK_DET.EXE
Size: 434KB
MD5: 97c8146c10d533dacaaca193761b1c98
SHA1: dff81aa37ff7d60095615682ded6490f188ae959
SHA256: 3c7e44e2b240655a3f18fde494d90ba07478b3e28f0161f63ecfd48049a7d554
SHA512: e387b91b904e4d29de77c196cf32541b26e968341be4011b386504f47c737ad066bba23b428464a2f2ca516c5f9fc1f88d14e25c5dfc497f4a3bb9c1f72038d4
Signatures:
- NetWire RAT payload
- Blocklisted process makes network request
- Loads dropped DLL

Target: REVERSE_.EXE
Size: 507KB
MD5: b378a8a59c97e5db6fc1c6faf37c90de
SHA1: 1ba14ba7adab7d5903f0dd6c9e8ef9a9d40115e7
SHA256: ab85c8e3305016e7806bf71583c6100e8249054dbb2701b9944a190ae15a7284
SHA512: d31d6c7d52fe576ae7f5d3276fabcf56ae1d0b30786df1b795e7b03ccb4b0e607fcd95e9e7229f5017dd059803c5c2415243091109163cca424dcfeb10197a4d
Score: 10/10
Signatures:
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
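The indicators this report exposes (the three SHA256 digests and the extracted SMTP exfiltration account) turned into a small matcher, as an added example that is not part of the sandbox report or its vendor's tooling. It does the two things a responder would do with this page: confirm that a file retrieved from a share or mailbox really is one of the listed payloads by checking every digest at once, and sweep endpoint and network events for the payload hashes, the exfil host and the SMTP AUTH username. The event schema (fields `type`, `image`, `sha256`, `dest_host`, `dest_port`, `user`) and all file paths are assumptions constructed for illustration, not any real sensor's format; the report does not say which of the two payloads carries the SMTP configuration, so the constructed exfil events use a generic path.

```python
"""
IOC matcher built from the sandbox report above (added example, not part of
the report). Verifies a retrieved file against the listed digests and sweeps
simplified endpoint/network events for the payload hashes and the extracted
SMTP exfiltration account.
"""
import hashlib

# Indicators copied from the report.
PAYLOAD_SHA256 = {
    "f7d7c3c283891a3fdffccf5dbd1da3a841064cd393aed4eab3987dfb1d93a51c": "submitted sample (1.5MB)",
    "3c7e44e2b240655a3f18fde494d90ba07478b3e28f0161f63ecfd48049a7d554": "BANK_DET.EXE (NetWire RAT payload)",
    "ab85c8e3305016e7806bf71583c6100e8249054dbb2701b9944a190ae15a7284": "REVERSE_.EXE",
}
BANK_DET_DIGESTS = {
    "md5": "97c8146c10d533dacaaca193761b1c98",
    "sha1": "dff81aa37ff7d60095615682ded6490f188ae959",
    "sha256": "3c7e44e2b240655a3f18fde494d90ba07478b3e28f0161f63ecfd48049a7d554",
    "sha512": "e387b91b904e4d29de77c196cf32541b26e968341be4011b386504f47c737ad0"
              "66bba23b428464a2f2ca516c5f9fc1f88d14e25c5dfc497f4a3bb9c1f72038d4",
}
EXFIL_HOST = "mail.aoki-shoten.com"
EXFIL_PORT = 587
EXFIL_USER = "aokikazuhir@aoki-shoten.com"

_ALGOS = {"md5": hashlib.md5, "sha1": hashlib.sha1,
          "sha256": hashlib.sha256, "sha512": hashlib.sha512}


def check_digests(data, expected):
    """Compare every digest the report lists against the bytes actually
    retrieved. Returns {algo: bool}; a partial match (MD5 ok, SHA256 not)
    means the wrong file was pulled, not a collision."""
    return {algo: _ALGOS[algo](data).hexdigest() == value.lower()
            for algo, value in expected.items() if algo in _ALGOS}


def match_events(events):
    """Return the events that touch an IOC, each with the reasons it matched.
    Field names are an assumed, simplified schema, not a real sensor's."""
    hits = []
    for ev in events:
        reasons = []
        sha = ev.get("sha256", "").lower()          # sensors differ in hex case
        if sha in PAYLOAD_SHA256:
            reasons.append("known payload hash: " + PAYLOAD_SHA256[sha])
        host = ev.get("dest_host", "").lower().rstrip(".")  # tolerate FQDN dot
        if host == EXFIL_HOST:
            port = ev.get("dest_port")
            note = "" if port == EXFIL_PORT else f" (port {port}, report says {EXFIL_PORT})"
            reasons.append("connection to extracted SMTP exfil host" + note)
        if ev.get("user", "").lower() == EXFIL_USER:
            reasons.append("SMTP AUTH as extracted exfil account")
        if reasons:
            hits.append({"event": ev, "reasons": reasons})
    return hits


# Constructed events for illustration (assumed schema). The report does not
# attribute the SMTP configuration to a specific payload, so the exfil events
# use a generic path rather than BANK_DET.exe or REVERSE_.exe.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\victim\Downloads\BANK_DET.exe",
     "sha256": "3C7E44E2B240655A3F18FDE494D90BA07478B3E28F0161F63ECFD48049A7D554"},
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "sha256": "0" * 64},
    {"type": "network_connect", "image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "dest_host": "MAIL.aoki-shoten.com.", "dest_port": 587},
    {"type": "network_connect", "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "dest_host": "smtp.office365.com", "dest_port": 587},   # benign submission traffic
    {"type": "smtp_auth", "image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "dest_host": "mail.aoki-shoten.com", "dest_port": 587,
     "user": "aokikazuhir@aoki-shoten.com"},
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(hit["event"]["type"], hit["event"]["image"], "->", "; ".join(hit["reasons"]))
    # Stand-in bytes, not the real sample: every digest must come back False.
    print(check_digests(b"not the real BANK_DET.EXE", BANK_DET_DIGESTS))
```

Outbound TCP 587 on its own is not a signal, as the Outlook event shows; the report's host string is also the weakest of the indicators, because legitimate mail to that domain would match too and most network telemetry records an IP that has to be correlated with DNS answers first. The payload hashes and the AUTH username are specific to this sample and should be the primary hunt terms. The password is included in the report as extracted config; it belongs to attacker-controlled infrastructure and has no use in detection beyond confirming the account name.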