General
Target: dde64283919a0f55d651fd0d2382728c0c26afd8efa81be3c6ca85f863ba3d08
Size: 1.9MB
Sample: 220701-epdy8sbdbk
MD5: 589b3749e7279e109b1ae87eb409454e
SHA1: 672d90b2288578769c8930f807a7b741d47cb0ac
SHA256: dde64283919a0f55d651fd0d2382728c0c26afd8efa81be3c6ca85f863ba3d08
SHA512: 428d82e88207a06584aa9c7cc6457c5358116a680cd0f786477c54ab3256f3334c529e907036a8c2071418a2544e38cf0fa4e0ed80b5bb27d948d8ed848f0d57
Static task: static1
Behavioral task: behavioral1
Sample: dde64283919a0f55d651fd0d2382728c0c26afd8efa81be3c6ca85f863ba3d08.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: dde64283919a0f55d651fd0d2382728c0c26afd8efa81be3c6ca85f863ba3d08.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: 204@goldsmiths-uk.com
Password: QWERTY123@@##
These are the credentials the sample uses to send harvested data out over SMTP submission (port 587), i.e. the attacker's exfiltration mailbox, not a victim account. The host is a shared, legitimate mail server, so the actionable indicators are the account itself (report it to the provider) and DNS/TLS traffic from endpoints to that hostname, rather than a blanket block of the host.
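An added example, not part of the sandbox report and not the sandbox's own tooling, that turns the extracted block into the indicators an analyst would actually search for: the hostname (visible as a DNS query and as the TLS SNI even when the client negotiates STARTTLS) and the base64 forms in which SMTP AUTH LOGIN and AUTH PLAIN place the username and password on the wire (visible only on a cleartext session). CONFIG_TEXT is a constructed copy of the config above; the function names are the example's own.

```python
"""Derive hunt indicators from the report's extracted SMTP exfiltration config.

Added example; not code from the sandbox report. CONFIG_TEXT is a constructed
copy of the report's "Malware Config" block with the same values.
"""
import base64
import re

# Constructed from the report's extracted config (same values as the page).
CONFIG_TEXT = """\
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: 204@goldsmiths-uk.com
Password: QWERTY123@@##
"""

_KV = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")


def parse_config(text):
    """Parse 'Key: value' lines into a dict keyed by lower-case field name."""
    cfg = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def b64(s):
    return base64.b64encode(s.encode()).decode()


def decode_b64(s):
    """Inverse of b64(); handy when checking a captured AUTH line by hand."""
    return base64.b64decode(s).decode()


def smtp_auth_tokens(username, password):
    """Wire-level forms of the credentials for the two common SMTP AUTH mechanisms.

    AUTH LOGIN sends username and password as two separate base64 lines.
    AUTH PLAIN sends one base64 blob of "\\0user\\0pass" (RFC 4616, no authzid).
    Either is only observable in cleartext if STARTTLS is not negotiated.
    """
    return {
        "login_user": b64(username),
        "login_pass": b64(password),
        "plain": b64("\0" + username + "\0" + password),
    }


def indicators(cfg):
    """Indicators derived from the config, grouped by where they can be seen."""
    user, pw = cfg["username"], cfg["password"]
    tokens = smtp_auth_tokens(user, pw)
    return {
        # Observable even under STARTTLS: the DNS lookup and the TLS SNI.
        "dns_or_sni": cfg["host"],
        "dst_port": cfg["port"],
        # Observable only on a cleartext SMTP session.
        "auth_login_lines": [tokens["login_user"], tokens["login_pass"]],
        "auth_plain_line": tokens["plain"],
        # Account to report for takedown; the host is a shared legitimate
        # mail server and should not be blocked wholesale.
        "abuse_account": user,
    }


if __name__ == "__main__":
    for key, value in indicators(parse_config(CONFIG_TEXT)).items():
        print(f"{key}: {value}")
```

The AUTH LOGIN username line, `MjA0QGdvbGRzbWl0aHMtdWsuY29t`, is the string to put in a content match for cleartext SMTP; for the far more common STARTTLS case, alert on the DNS query or SNI for `us2.smtp.mailhostbox.com` from hosts that have no business sending mail through that provider.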
Targets
Target: dde64283919a0f55d651fd0d2382728c0c26afd8efa81be3c6ca85f863ba3d08 (1.9MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- NirSoft MailPassView: password recovery tool for various email clients, embedded in the sample to harvest stored mail credentials
- NirSoft WebBrowserPassView: password recovery tool for various web browsers, embedded for the same purpose
- Nirsoft: family tag for the bundled NirSoft recovery tools
- Uses the VBS compiler for execution: the sample launches vbc.exe, the Visual Basic .NET compiler that ships with the .NET Framework, as a legitimate signed host process
- Accesses Microsoft Outlook accounts: reads the stored Outlook profile/account settings
- Adds Run key to start application: persistence through a value under ...\Microsoft\Windows\CurrentVersion\Run
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext: together with the vbc.exe launch this is consistent with process hollowing (start the compiler suspended, replace its image, redirect the thread context, resume). SetThreadContext is seen here through the sandbox's API monitoring; ordinary endpoint telemetry such as Sysmon does not record it, so host detection has to fall back on the process lineage and on the activity the hollowed vbc.exe then performs.
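An added example, not code from the sandbox or the report, showing how three of the behaviours above translate into host detections over Sysmon-shaped telemetry: a Run-key write (EID 13), vbc.exe spawned by something other than build tooling (EID 1), and a DNS query to an IP-lookup service (EID 22). EVENTS is a constructed event list; the field names follow Sysmon, while BUILD_PARENTS, IP_LOOKUP_DOMAINS (the report does not name the service) and the Run value name are assumptions.

```python
"""Detection pass for host-side behaviours listed in the report's signatures.

Added example; not code from the sandbox or the report. EVENTS is a constructed
Sysmon-shaped event list (EID 1 process create, 13 registry value set, 22 DNS
query). Allow/watch lists and the Run value name are assumptions.
"""
import ntpath
import re

# Autostart locations covered by "Adds Run key to start application".
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Assumed: legitimate parents of vbc.exe (build tooling). Anything else
# spawning the Visual Basic compiler is suspect, doubly so from user paths.
BUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}
USER_WRITABLE_RE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.IGNORECASE)

# Assumed watchlist; the report only says "a legitimate IP lookup service".
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}

SAMPLE = r"C:\Users\victim\AppData\Local\Temp\dde64283919a0f55d651fd0d2382728c0c26afd8efa81be3c6ca85f863ba3d08.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Constructed events: two that should fire per rule, interleaved with benign ones.
EVENTS = [
    {"EventID": 1, "Image": VBC, "ParentImage": SAMPLE},
    {"EventID": 1, "Image": VBC,
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": SAMPLE},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 22, "Image": VBC, "QueryName": "api.ipify.org"},
    {"EventID": 22, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "QueryName": "www.google.com"},
]


def base(image):
    """Lower-case file name of a Windows path (works on any host OS)."""
    return ntpath.basename(image).lower()


def detect(events):
    """Return (rule, subject, detail) tuples for every event that matches a rule."""
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            alerts.append(("run_key_persistence", ev["Image"], ev["TargetObject"]))
        elif eid == 1 and base(ev["Image"]) == "vbc.exe":
            parent = ev["ParentImage"]
            if base(parent) not in BUILD_PARENTS or USER_WRITABLE_RE.search(parent):
                alerts.append(("compiler_host_abuse", parent, ev["Image"]))
        elif eid == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS:
            alerts.append(("external_ip_lookup", ev["Image"], ev["QueryName"]))
    return alerts


if __name__ == "__main__":
    for rule, subject, detail in detect(EVENTS):
        print(f"{rule}: {subject} -> {detail}")
```

Note that in the constructed events the IP lookup comes from vbc.exe, not from the sample's own image: once the compiler has been hollowed, its network and file activity is attributed to vbc.exe, so correlate by process lineage (the sample as parent of vbc.exe) rather than by the dropper's file name alone.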