General
- Target: a25bc737fa918f9299e2cef22882504acd249787fa9fa181b6a7ef044c0ee556
- Size: 736KB
- Sample: 220521-aba8zacgej
- MD5: 7350f0532cd05fd7c4c46a364221bf99
- SHA1: 7b01b524aec1cc30a060fae2917839e5739d7fed
- SHA256: a25bc737fa918f9299e2cef22882504acd249787fa9fa181b6a7ef044c0ee556
- SHA512: 2d04fe8b5cee199ac29d075df6e48153f5efa118af22997213b5280fcc8f761ed2ef18e154860c78f604b3c706d9c2779a14ed10286ca293253e0093750267f7
Static task: static1
Behavioral task: behavioral1
- Sample: PO-1151.scr
- Resource: win7-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.mail.com
- Port: 587
- Username: [email protected]
- Password: payments00
Targets
- Target: PO-1151.scr
- Size: 854KB
- MD5: e10e52b1b63ab576d01720563cbc3e1e
- SHA1: c94588afb551c9f0350f6c9ccbe1696244b61a89
- SHA256: a72abccbb65d45e50e2bdac6fbfcc3832af2be5e8bb2c20904674b8e59fc667c
- SHA512: cc327eacdcf59fadcc11d9cf6302afcd503d51241869f3601477d9856daabdd132b9ac14c859b71732d352f68cfdb00fbf85d6f99b6a53fad342ca9e287a06b8
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext