General

Target: 7b254a2cbf01fcd8fe279f23f1b07964e398fbdcd3f7de77701850f043387f46
Size: 518KB
Sample: 220521-nxn9lsecd5
MD5: e3de02d36e2bb4441992285597c202a7
SHA1: 5039fa0c800acd954f0b57f395e97f33034ad262
SHA256: 7b254a2cbf01fcd8fe279f23f1b07964e398fbdcd3f7de77701850f043387f46
SHA512: 0fb96e83b7b5d76b7c2ada607c58152c22b8549237461efd3e7ad9a7ce33c99e99f72f90378a16fa358660c468c0bda4bbbee2985cf9732003a8e8246a7eb6ec
Static task: static1
Behavioral task: behavioral1
Sample: PO-05nr347.exe
Resource: win7-20220414-en
Malware Config

Extracted
Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: fuyutong.ar@accountant.com
Password: payments00
Targets

Target: PO-05nr347.exe
Size: 798KB
MD5: 67241ed39592f25b9d8d00bfe826affd
SHA1: ac0d76837ffffa4065c7a617ca397d16ed259c70
SHA256: 77728dc00d957e7c3a175b58f539ed1ce895595832f3ff527aac52a10b185565
SHA512: e077adeb8ee3eb37a47776df65f954626aa7f6db8d4ac87d30c4505cee87e103f116c90e65eb9a94283e284b866d8d254bee858e17b2e21d3aad36b3fa753ae0
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext