General
- Target: 3c88aa26da692c8b3fdfd965e009f6454897b8c755d48d494c5a4669f71a7c65
- Size: 767KB
- Sample: 220703-hy1fdabhg6
- MD5: c1a014f111ad13da6db742c3ab722691
- SHA1: e2105bbc6598719765fd523e5bee9fc55499ae60
- SHA256: 3c88aa26da692c8b3fdfd965e009f6454897b8c755d48d494c5a4669f71a7c65
- SHA512: 02bfc81a69fa9d09300168d6dcae80df070f271b5b5c642b9de17029fd488dd34e9237dcfd3609b9dd770599ede0fc332fe84d8d646009be0ba51ca8d042d95e
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 3c88aa26da692c8b3fdfd965e009f6454897b8c755d48d494c5a4669f71a7c65.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: 3c88aa26da692c8b3fdfd965e009f6454897b8c755d48d494c5a4669f71a7c65.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: longwheelbase2018@yandex.com
- Password: myrecords1248@
Targets
- Target: 3c88aa26da692c8b3fdfd965e009f6454897b8c755d48d494c5a4669f71a7c65
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext