General
- Target: 0b785892706eeb877187c1535cd75095942497eb252125b32dfd4cf143761623
- Size: 720KB
- Sample: 220630-x5v7kabeh4
- MD5: 89c181c4ef1d2826a09493fd093d711c
- SHA1: 01f9ffba99b1b2502b1ea59086143e47653b7c5f
- SHA256: 0b785892706eeb877187c1535cd75095942497eb252125b32dfd4cf143761623
- SHA512: 7e5b3c462a77ec232db03026bc076d67e511582389be349e7a53eac1ff40f6af509a89df7f02430c1227bd2d4a0ca0dba8cae53c69d2616d4c7b1d4da89e45c0
Static task: static1
Behavioral task: behavioral1
- Sample: 0b785892706eeb877187c1535cd75095942497eb252125b32dfd4cf143761623.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 0b785892706eeb877187c1535cd75095942497eb252125b32dfd4cf143761623.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: mucak2003@gmail.com
- Password: 1112973m
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext