General
-
Target
d3f0ee2f8e4bdb79adc9464fc9a83f00f5171a53ef73761efec1972b5780dc3f
-
Size
771KB
-
Sample
220521-b39fhschg9
-
MD5
d4b245a94cab3189cd7f86f5deea3baf
-
SHA1
fe7558d10136c60b41f1f37680fb81578c9723be
-
SHA256
d3f0ee2f8e4bdb79adc9464fc9a83f00f5171a53ef73761efec1972b5780dc3f
-
SHA512
591a4d9a8d2fe2814adc95754565db5ec6c2dfd94cc02155844506b1d7f5c6a140946383013c92e49707498fcedd90d154d0990fa2edb157f9ced0cb0e316d56
Static task
static1
Behavioral task
behavioral1
Sample
RFQ Request For Quotation.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ Request For Quotation.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: ftp
Host: ftps4.us.freehostia.com
Port: 21
Username: jumshi
Password: udobobo2020
Targets
-
Target
RFQ Request For Quotation.exe
-
Size
1.0MB
-
MD5
746383a10231f3b6fa8d396596159716
-
SHA1
7b6423638e1a8497ea2a6cf2d868fd5cd3608c2a
-
SHA256
f594268a1b5164b9081ff67fcf423fab8eef1c605d98e80df27932d19cf08f2c
-
SHA512
3277cde8dcfa0d75215e50e1f512537d426b0096550504e42b311bbb8714fab9f4d840d7d167b31eb23959d6463f68e6b482e29b856156c597e38ab114ed0a2b
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-