General
-
Target
392405bf25a07ca618fcfeebd230c6ce3ed2799536d3ac8d29240d6701d5d910
-
Size
841KB
-
Sample
220625-wawzyagag8
-
MD5
34fd5e3c4805b55b9120ffe14e5d7f95
-
SHA1
95d68d8852c570e77562775092b26e95b6ac45cb
-
SHA256
392405bf25a07ca618fcfeebd230c6ce3ed2799536d3ac8d29240d6701d5d910
-
SHA512
be69d98533f558d2c7f146cc3faf915840914f6584ca1482288637993287992a53aad28204befb24b5f1e42a430005a314d4f76f2ef0913c310d9adee97659bc
Static task
static1
Behavioral task
behavioral1
Sample
392405bf25a07ca618fcfeebd230c6ce3ed2799536d3ac8d29240d6701d5d910.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
392405bf25a07ca618fcfeebd230c6ce3ed2799536d3ac8d29240d6701d5d910.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: moniman@vivaldi.net
Password: manmoin@outlook.com
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext