General
Target: 3097002f3918903a6b3542660d8a8521e498f1638b0ec236969ba6ccf3718cb0
Size: 1.1MB
Sample: 220621-drv5vsaafk
MD5: 93e14e7f69673f008a2cec126e19ea60
SHA1: dd753748784deb2b9a09ab3892521878a655a237
SHA256: 3097002f3918903a6b3542660d8a8521e498f1638b0ec236969ba6ccf3718cb0
SHA512: 0c0b92446c0a52ddd47459de4d34e2c402a18f34aa0e67de2cc49e9245df4c06d27d704918aed34d203945e8fc6761fbd6e32ed549eec99c162d1f57cd4194d1
Static task: static1

Behavioral task: behavioral1
Sample: 3097002f3918903a6b3542660d8a8521e498f1638b0ec236969ba6ccf3718cb0.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 3097002f3918903a6b3542660d8a8521e498f1638b0ec236969ba6ccf3718cb0.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: longwheelbase2018@yandex.com
Password: success
Targets
Target: 3097002f3918903a6b3542660d8a8521e498f1638b0ec236969ba6ccf3718cb0
Size: 1.1MB
MD5: 93e14e7f69673f008a2cec126e19ea60
SHA1: dd753748784deb2b9a09ab3892521878a655a237
SHA256: 3097002f3918903a6b3542660d8a8521e498f1638b0ec236969ba6ccf3718cb0
SHA512: 0c0b92446c0a52ddd47459de4d34e2c402a18f34aa0e67de2cc49e9245df4c06d27d704918aed34d203945e8fc6761fbd6e32ed549eec99c162d1f57cd4194d1
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext