General
Target: a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8
Size: 1.3MB
Sample: 220521-w7k9psedbn
MD5: 883ae301946f0c4ed4907a5c8084b554
SHA1: 4842f095f105813e456a2f418f719b7bb843b8b4
SHA256: a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8
SHA512: a5f3eda7c766ceec5c99073c38287828634078b044095b893b7801354eff69c2e36f95a47e897af75ed577509439a639519f6c0a3f8beddb73ec147b0d83d624
Static task: static1

Behavioral task: behavioral1
Sample: Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: outback.websitewelcome.com
Port: 587
Username: krishnafebtech14@2020weddingeventz1.com
Password: 1ihemyorochi
Targets
Target: Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
Size: 1.8MB
MD5: 1e80be82f8e930a7160c225ea1fb529e
SHA1: 7c50b9f3550d1d4c6abdb668cec1d7461a4c13d6
SHA256: 68101d145825fc980210f1f56638011d98eeaf5c53fb734b62a80dac6489f2e3
SHA512: 964181a2b3d3db5522a99dfa4c77c87d7c921981e55ecd2cd9fa8f10dd170082637cb6d130a7fee8182a3e6b967e98d34d072d7955233a17b281cd598080bf93
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext