General
- Target: 39bd69130346e87ad813c557505b2f4074ee7ef6b628955ae984266220b62c84
- Size: 1.1MB
- Sample: 220625-kmqsxaddgr
- MD5: b9665036cf4ad2e32ab16c4363058835
- SHA1: 51bd61fda3e95e2834f824102107a36b926b8e41
- SHA256: 39bd69130346e87ad813c557505b2f4074ee7ef6b628955ae984266220b62c84
- SHA512: 5a9f7d732ec4012038f7947df046d9ba7031af407c5cb67ae3569869202a11cc7209e0ee55045f7a3923264d65010a7ef75b17e99c0b1484b40c763684297247
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 39bd69130346e87ad813c557505b2f4074ee7ef6b628955ae984266220b62c84.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: 39bd69130346e87ad813c557505b2f4074ee7ef6b628955ae984266220b62c84.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: longwheelbase2018@yandex.com
- Password: success
Targets
- Target: 39bd69130346e87ad813c557505b2f4074ee7ef6b628955ae984266220b62c84
- Size: 1.1MB
- MD5: b9665036cf4ad2e32ab16c4363058835
- SHA1: 51bd61fda3e95e2834f824102107a36b926b8e41
- SHA256: 39bd69130346e87ad813c557505b2f4074ee7ef6b628955ae984266220b62c84
- SHA512: 5a9f7d732ec4012038f7947df046d9ba7031af407c5cb67ae3569869202a11cc7209e0ee55045f7a3923264d65010a7ef75b17e99c0b1484b40c763684297247
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext