General
-
Target
2650515c496982b17d51cf0bc632e5148bcdaadbbbdff6e9cd916e210256a3d6
-
Size
632KB
-
Sample
220521-a8hpbabea4
-
MD5
fb20ea03ffcc09e364e93285c62c31f1
-
SHA1
bcb26a36aa25fb8501cb0eaa45b785ba9c220fce
-
SHA256
2650515c496982b17d51cf0bc632e5148bcdaadbbbdff6e9cd916e210256a3d6
-
SHA512
6c6b84ee5320b233b5ff9c8d92c09ca61f527100276fae2727aedb47af058b517abcdfc239eb12b815a3420f9536184f604fce47db28bf6d52e2560d6adb0621
Static task
static1
Behavioral task
behavioral1
Sample
20200520.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
20200520.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.mail15.cp247.net
Port: 587
Username: [email protected]
Password: Mm8182
Targets
-
Target
20200520.exe
-
Size
863KB
-
MD5
a9a56a42ee7e10e44ef8cc503a879ab9
-
SHA1
3891f93991867dbf98813000b53ed62227fc810a
-
SHA256
1ecfa46b754e89d2a0b6abd95c32e60d0bc4a10ee3a996bcb8be86e400d8c7ad
-
SHA512
53ed3f0b25fa7ae5b93fca023aeb6428389c121039682e35d3648c7b895371baf6bea18626bef89fea606bdbf948457867aed29216996014bbb046428e0d33fd
Score
10/10
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-