General
-
Target
3e6e1a944274e8abdfdd454adcf4aa14cfff60b85cb3fb752055c1a8540c82be
-
Size
729KB
-
Sample
220701-jagh2ahhbp
-
MD5
b2a44e0ca2fc4144ff899e7457a97024
-
SHA1
1209c87ead7fc1e2c2274c9a3e50160874d0aeb4
-
SHA256
3e6e1a944274e8abdfdd454adcf4aa14cfff60b85cb3fb752055c1a8540c82be
-
SHA512
dbabfd326e1f2691ff5dbd71d3572e42358e0ae617d37a6839bf5e139bc37d732c56cbd979a4ef0d1a217129f5f51da1caf80249811607f1dbbb627e1659c038
Static task
static1
Behavioral task
behavioral1
Sample
3e6e1a944274e8abdfdd454adcf4aa14cfff60b85cb3fb752055c1a8540c82be.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3e6e1a944274e8abdfdd454adcf4aa14cfff60b85cb3fb752055c1a8540c82be.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.zoho.com - Port:
587 - Username:
marionklosakleo@zoho.com - Password:
G-eneral001
Targets
-
-
Target
3e6e1a944274e8abdfdd454adcf4aa14cfff60b85cb3fb752055c1a8540c82be
-
Size
729KB
-
MD5
b2a44e0ca2fc4144ff899e7457a97024
-
SHA1
1209c87ead7fc1e2c2274c9a3e50160874d0aeb4
-
SHA256
3e6e1a944274e8abdfdd454adcf4aa14cfff60b85cb3fb752055c1a8540c82be
-
SHA512
dbabfd326e1f2691ff5dbd71d3572e42358e0ae617d37a6839bf5e139bc37d732c56cbd979a4ef0d1a217129f5f51da1caf80249811607f1dbbb627e1659c038
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-