General
-
Target
3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630
-
Size
1.3MB
-
Sample
220625-ljsc1ahbf2
-
MD5
0fe74c4d8d522f5d543fdedd8a83c3fb
-
SHA1
305409783ee13f9bb7302f10f1f87ffa71957189
-
SHA256
3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630
-
SHA512
5396e87bb4622b5eb133a3ff285635a00b3df7fc834f3b77d5134c5a7f75ec0981b138a220af0158d05262099b5ba21c3c7135dec4820dbb17f43eb6189eda66
Static task
static1
Behavioral task
behavioral1
Sample
3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
-
Protocol
smtp
-
Host
smtp.yandex.com
-
Port
587
-
Username
longwheelbase2018@yandex.com
-
Password
myrecords1248@
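The extracted configuration is the most actionable part of this report: the sample exfiltrates over SMTP submission (port 587) to smtp.yandex.com using a hard-coded mailbox and password. The following Python is an added example, not code from the sandbox or from the malware, that parses the flattened "Key: value - Key: value" config text exactly as it is laid out on the page into typed fields, validates them, and turns them into hunting artifacts with the password redacted. The input string is the report's own values joined onto one line; the output field names are this example's own choices.

```python
import re
from dataclasses import dataclass

# Constructed input: the "Extracted" config as it reads on the flattened report,
# joined onto one line (the separator spacing is inconsistent in the original).
RAW_CONFIG = (
    "Protocol: smtp- Host: smtp.yandex.com - Port: 587 - Username: "
    "longwheelbase2018@yandex.com - Password: myrecords1248@"
)

LABELS = ("Protocol", "Host", "Port", "Username", "Password")
LABEL_RE = re.compile(r"(%s):\s*" % "|".join(LABELS))


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpExfilConfig:
    """Split on the field labels rather than on ' - ', because the dash
    separator is glued to the preceding value in places ('smtp- Host').
    The separator dash is stripped from every value except the password,
    which is the last field and could legitimately end in '-'."""
    parts = LABEL_RE.split(raw.replace("\n", " "))
    # parts = ['', 'Protocol', 'smtp- ', 'Host', 'smtp.yandex.com - ', ...]
    if len(parts) < 2 * len(LABELS) + 1:
        raise ValueError("config text is missing fields")
    values = {}
    for label, value in zip(parts[1::2], parts[2::2]):
        value = value.strip()
        if label != "Password":
            value = value.rstrip("-").strip()
        values[label.lower()] = value
    missing = [l for l in LABELS if l.lower() not in values]
    if missing:
        raise ValueError("missing fields: %s" % ", ".join(missing))
    port = int(values["port"])
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return SmtpExfilConfig(values["protocol"].lower(), values["host"].lower(),
                           port, values["username"], values["password"])


def to_iocs(cfg: SmtpExfilConfig) -> dict:
    """Hunting artifacts for a SIEM or a report: the submission endpoint and
    the collector mailbox. The password is redacted so the feed never carries
    a live credential; the account itself is what gets reported to the provider."""
    return {
        "indicators": [
            {"type": "domain", "value": cfg.host,
             "context": "%s exfiltration endpoint" % cfg.protocol},
            {"type": "email-addr", "value": cfg.username,
             "context": "attacker collector mailbox"},
        ],
        "hunt": "outbound %s to %s:%d from hosts that are not mail servers or mail clients"
                % (cfg.protocol, cfg.host, cfg.port),
        "credential": {"username": cfg.username, "password": "<redacted>"},
    }


if __name__ == "__main__":
    print(to_iocs(parse_config(RAW_CONFIG)))
```

Port 587 is the mail submission port; the hunt string deliberately scopes to the source rather than the destination, since blocking smtp.yandex.com alone does nothing for the next sample with a different provider.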
Targets
-
Target
3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630
-
Size
1.3MB
-
MD5
0fe74c4d8d522f5d543fdedd8a83c3fb
-
SHA1
305409783ee13f9bb7302f10f1f87ffa71957189
-
SHA256
3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630
-
SHA512
5396e87bb4622b5eb133a3ff285635a00b3df7fc834f3b77d5134c5a7f75ec0981b138a220af0158d05262099b5ba21c3c7135dec4820dbb17f43eb6189eda66
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
Launches the Visual Basic compiler (vbc.exe) shipped with the .NET Framework as the process that runs the payload.
-
Accesses Microsoft Outlook accounts
Reads stored Outlook account profile data, the material the bundled MailPassView recovers.
-
Adds Run key to start application
Writes a value under a Windows CurrentVersion\Run key so the payload is relaunched at logon.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Setting the thread context of another process is characteristic of process hollowing, where a suspended legitimate process is given a new entry point.
-
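The signature list above describes a behaviour chain rather than a single indicator: a .NET compiler process is spawned by the sample, that process persists via a Run key, looks up the external IP and then submits mail on port 587. The following Python is an added example, not part of the report, that runs that correlation over constructed Sysmon-style events (EventID 1 process create, 3 network connect, 13 registry value set) and alerts only when one process exhibits more than one of the behaviours. The vbc.exe path, the Run value name "Updater", the external-IP service hostnames and the Outlook control process are assumptions; the report does not name them. SetThreadContext itself does not appear in Sysmon telemetry, so the compiler-host spawn from a user-writable path stands in for the hollowing step.

```python
import ntpath
from collections import defaultdict

SAMPLE = "3996681741dbc68ae302b9bc7a7b6432303f938c6bdcf403a684e4aa75feb630.exe"
VBC = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"   # assumed path
OUTLOOK = "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"

# Constructed Sysmon-style events, not output of the sandbox run.
# The Run value name and the IP-lookup hostname are assumed for illustration.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{P1}", "Image": "C:\\Users\\u\\Downloads\\" + SAMPLE,
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "{P2}", "Image": VBC,
     "ParentImage": "C:\\Users\\u\\Downloads\\" + SAMPLE},
    {"EventID": 13, "ProcessGuid": "{P2}", "Image": VBC,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"EventID": 3, "ProcessGuid": "{P2}", "Image": VBC,
     "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    {"EventID": 3, "ProcessGuid": "{P2}", "Image": VBC,
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
    # Control: a genuine mail client submitting mail must not alert.
    {"EventID": 1, "ProcessGuid": "{P3}", "Image": OUTLOOK,
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 3, "ProcessGuid": "{P3}", "Image": OUTLOOK,
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]

MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
COMPILER_HOSTS = {"vbc.exe", "csc.exe"}            # .NET compilers abused as hollowing hosts
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org"}   # assumed list
RUN_KEY_FRAGMENT = "\\currentversion\\run\\"
TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files")  # build tools spawn vbc.exe from here


def image_name(event):
    return ntpath.basename(event.get("Image", "")).lower()


def evaluate(events):
    """Tag each process (keyed by ProcessGuid) with the behaviours from the
    report's signature list that are visible in host telemetry."""
    findings = defaultdict(set)
    for ev in events:
        guid, name, eid = ev["ProcessGuid"], image_name(ev), ev["EventID"]
        if eid == 1 and name in COMPILER_HOSTS \
                and not ev["ParentImage"].lower().startswith(TRUSTED_PARENT_DIRS):
            findings[guid].add("compiler_host_from_user_path")
        elif eid == 13 and RUN_KEY_FRAGMENT in ev["TargetObject"].lower():
            findings[guid].add("run_key_persistence")
        elif eid == 3:
            if ev["DestinationPort"] == 587 and name not in MAIL_CLIENTS:
                findings[guid].add("smtp_submission_from_non_mail_client")
            if ev["DestinationHostname"].lower() in IP_LOOKUP_HOSTS:
                findings[guid].add("external_ip_lookup")
    return findings


def alerts(events, min_behaviours=2):
    """Page only when one process shows several behaviours: any single one
    (a developer running vbc.exe, a script checking its public IP) is noise."""
    return {g: sorted(f) for g, f in evaluate(events).items() if len(f) >= min_behaviours}


if __name__ == "__main__":
    for guid, tags in alerts(EVENTS).items():
        print(guid, ", ".join(tags))
```

Keying on ProcessGuid rather than PID matters here: the hollowed vbc.exe is the process doing the persistence and the exfiltration, so the findings must land on it, not on the parent sample or on a PID that may be reused.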