General
- Target: 3a3a6db3d266830cd471cbb84d1707e915bf3ffbe54b84abff5ee703d91e6485
- Size: 713KB
- Sample: 220625-gwpqesbbe4
- MD5: 4d94576cdf1c060b6147d88bc438ec64
- SHA1: b09269028fa0b095afbedbc87a44768b5a29a6d7
- SHA256: 3a3a6db3d266830cd471cbb84d1707e915bf3ffbe54b84abff5ee703d91e6485
- SHA512: 4157976180155c7f3341c226f2fbc6730243263180aa059aa8cd0604377f068e44bd7f1005ea5e99c4ea07e76612db83adaca6f5f012bef396e87386c41dc5a5
- Static task: static1
- Behavioral task: behavioral1
- Sample: 3a3a6db3d266830cd471cbb84d1707e915bf3ffbe54b84abff5ee703d91e6485.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: aminadmoneyman@zoho.com
- Password: nwachukwu12345
Targets
- Target: 3a3a6db3d266830cd471cbb84d1707e915bf3ffbe54b84abff5ee703d91e6485
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext