General
-
Target
06b1441efdb02e5d77466c0b6ee669b6f2ad9ba0d89f26ad04daf6acd10bd3db
-
Size
781KB
-
Sample
220521-b2ngnachb6
-
MD5
ad788b821e85f0f78608ff87f5a2a747
-
SHA1
b4e930fb762e08498be963f66c6d024361ce2552
-
SHA256
06b1441efdb02e5d77466c0b6ee669b6f2ad9ba0d89f26ad04daf6acd10bd3db
-
SHA512
80bc3ce41ab408951794c5ca1736aca27ca172e967483e651d95759b6a32cf1e5a5cfcde5420364adb6642bc259fd6b45d8e0b6c507b6b7a84364952292107fc
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order#0398483.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase Order#0398483.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: uz@cairoways.me
Password: 09012345@
Targets
-
Target
Purchase Order#0398483.exe
-
Size
864KB
-
MD5
53e410760c9f2f2c4a1144fc34eb455a
-
SHA1
d07649c8605753cb60ec997c04400db2ce570aad
-
SHA256
40eac0b9c7fb03c9f4a54a82b47534babfdcc931b5d83832f1ae2facd9fe0cc3
-
SHA512
3dab903d8c4883d515adcb2e6cc3a63b520e1a8258ba6e345e613a029975e40d6facbddafc7754971df2176f56275e15d60bb0226ab24e0c9a695b99195f36ca
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that stores its payload as a Bitmap object embedded in the assembly; the payload is decrypted out of the bitmap at runtime.
-
MassLogger
MassLogger is a .NET stealer that targets saved passwords from browsers, email clients and cryptocurrency wallets.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run on systems in certain countries).
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is a common step in process hollowing and other code injection, where the payload is written into a suspended process and its entry point is redirected.
-
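The extracted config and the behavioural signatures above give a hunter three things to pivot on: the sample hashes, SMTP submission on port 587 from a process that is not a mail client (mail.privateemail.com is a legitimate provider's server, so the host alone is a weak indicator; the pattern and the account are what matter), and calls to external-IP lookup services. The following is an added example, not part of this sandbox report or of the MassLogger/CoreEntity code. It assumes Sysmon-style JSON telemetry (EventID 1 process creation with a Hashes field, EventID 3 network connections with Image, DestinationHostname and DestinationPort); the mail-client allowlist and the list of IP-lookup services are illustrative assumptions, and the sample events are constructed, not real logs.

```python
"""Hunt for the report's IOCs and behaviours in Sysmon-style JSON telemetry.

Added example; the log format, process allowlist and IP-lookup service list
are assumptions, not facts from the report.
"""
import json
from dataclasses import dataclass

# IOCs taken from the report: extracted SMTP config and the two SHA256 hashes.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
SAMPLE_SHA256 = {
    "06b1441efdb02e5d77466c0b6ee669b6f2ad9ba0d89f26ad04daf6acd10bd3db",  # submitted target
    "40eac0b9c7fb03c9f4a54a82b47534babfdcc931b5d83832f1ae2facd9fe0cc3",  # Purchase Order#0398483.exe
}

# Assumption: processes that are expected to speak SMTP submission (extend per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: legitimate external-IP services commonly abused by stealers (illustrative).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org", "ipinfo.io"}


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def _basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_event(ev):
    """Apply the three hunting rules to one parsed event; return a list of Findings."""
    findings = []
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    proc = _basename(image)
    if eid == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", 0))  # Sysmon exports often carry this as a string
        if port == EXFIL_PORT and proc not in MAIL_CLIENTS:
            why = "known MassLogger exfil host" if host == EXFIL_HOST else "non-mail-client SMTP submission"
            findings.append(Finding("smtp_exfil", image, f"{host}:{port} ({why})"))
        if host in IP_LOOKUP_HOSTS:
            findings.append(Finding("external_ip_lookup", image, host))
    elif eid == 1:  # process creation; Hashes looks like "MD5=...,SHA256=..."
        hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
        sha256 = hashes.get("SHA256", "").lower()
        if sha256 in SAMPLE_SHA256:
            findings.append(Finding("known_sample_hash", image, sha256))
    return findings


def scan(lines):
    """Run check_event over newline-delimited JSON events, skipping blank lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if line:
            findings.extend(check_event(json.loads(line)))
    return findings


# Constructed sample telemetry (not real logs): the sample starting, its IP lookup,
# its connection to the extracted SMTP host, and a benign Outlook submission that must not fire.
SAMPLE_IMAGE = "C:\\Users\\victim\\Downloads\\Purchase Order#0398483.exe"
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "Image": SAMPLE_IMAGE,
                "Hashes": "MD5=53E410760C9F2F2C4A1144FC34EB455A,"
                          "SHA256=40EAC0B9C7FB03C9F4A54A82B47534BABFDCC931B5D83832F1AE2FACD9FE0CC3"}),
    json.dumps({"EventID": 3, "Image": SAMPLE_IMAGE,
                "DestinationHostname": "api.ipify.org", "DestinationPort": "443"}),
    json.dumps({"EventID": 3, "Image": SAMPLE_IMAGE,
                "DestinationHostname": "mail.privateemail.com", "DestinationPort": "587"}),
    json.dumps({"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
                "DestinationHostname": "smtp.office365.com", "DestinationPort": "587"}),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:20} {f.image}  {f.detail}")
```

The SMTP rule deliberately fires on any non-mail-client submission and only labels the report's host as a known indicator, so a rebuilt sample pointing at a different mailbox is still caught; tune MAIL_CLIENTS to the estate rather than widening it to silence noise.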