General
-
Target
7fa356cd947b0938ba71bed468c957b589540fe0c2110a38590984531dd598f4
-
Size
954KB
-
Sample
220625-f56jvsaag4
-
MD5
857ccc88699a94fbc755a2593e501f41
-
SHA1
97d7024a4798987a741c4a69fa4bf16e6bb64419
-
SHA256
7fa356cd947b0938ba71bed468c957b589540fe0c2110a38590984531dd598f4
-
SHA512
43e646d1fbfc7d31a3129742c8a8d62a3dcd7306aac56cbe25783d19777aa2ceb11bdbd44f3c0562d5665d7df901741c276533cae078902a5fed599d76348512
Static task
static1
Behavioral task
behavioral1
Sample
7fa356cd947b0938ba71bed468c957b589540fe0c2110a38590984531dd598f4.exe
Resource
win7-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
newyearlogin@yandex.com - Password:
ifeanyi1987
Targets
-
-
Target
7fa356cd947b0938ba71bed468c957b589540fe0c2110a38590984531dd598f4
-
Size
954KB
-
MD5
857ccc88699a94fbc755a2593e501f41
-
SHA1
97d7024a4798987a741c4a69fa4bf16e6bb64419
-
SHA256
7fa356cd947b0938ba71bed468c957b589540fe0c2110a38590984531dd598f4
-
SHA512
43e646d1fbfc7d31a3129742c8a8d62a3dcd7306aac56cbe25783d19777aa2ceb11bdbd44f3c0562d5665d7df901741c276533cae078902a5fed599d76348512
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-