General
-
Target
35bf61d1b81f4ccb69e666d635f995ecd6d549a8708c4139418a84bfa09f4687
-
Size
1.1MB
-
Sample
220626-261wnagbc2
-
MD5
0259f2101d14d3ba036ea6ddfbf6753b
-
SHA1
454a919827e31b52f4f471f1af4ff2c75a2fa7dd
-
SHA256
35bf61d1b81f4ccb69e666d635f995ecd6d549a8708c4139418a84bfa09f4687
-
SHA512
1d966e2eec88bc95c71815a6f7ac4e4b5276cbf3f43b0634491154589a40005e7975d4d4c8286b64898347d73980067477e535eb60e81ce6db13fb387a7f9386
Static task
static1
Behavioral task
behavioral1
Sample
35bf61d1b81f4ccb69e666d635f995ecd6d549a8708c4139418a84bfa09f4687.exe
Resource
win7-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
tboy.ken@yandex.com - Password:
..........***///pakings
Targets
-
-
Target
35bf61d1b81f4ccb69e666d635f995ecd6d549a8708c4139418a84bfa09f4687
-
Size
1.1MB
-
MD5
0259f2101d14d3ba036ea6ddfbf6753b
-
SHA1
454a919827e31b52f4f471f1af4ff2c75a2fa7dd
-
SHA256
35bf61d1b81f4ccb69e666d635f995ecd6d549a8708c4139418a84bfa09f4687
-
SHA512
1d966e2eec88bc95c71815a6f7ac4e4b5276cbf3f43b0634491154589a40005e7975d4d4c8286b64898347d73980067477e535eb60e81ce6db13fb387a7f9386
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-