General
- Target: b369be9337627cace4709477e4969c462ce26f7b9b73ab9c47d29a5efa0f9602
- Size: 950KB
- Sample: 220703-hzvaracab7
- MD5: 04d9a0e3c67732c01698af3902d2c3c6
- SHA1: dc1d397df18195cd06fdc3b174b2258410cbe162
- SHA256: b369be9337627cace4709477e4969c462ce26f7b9b73ab9c47d29a5efa0f9602
- SHA512: 28d1a3a65e24439b3dd33b2c2265d88d8ec0732fffd201dd1c9b73d5e6384cd463c3b38dc5e64562e498ddeaa125e58b6caefff54064d48bc3f0cf2a37954ada
Static task
- static1
Behavioral task
- behavioral1
  - Sample: b369be9337627cace4709477e4969c462ce26f7b9b73ab9c47d29a5efa0f9602.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: b369be9337627cace4709477e4969c462ce26f7b9b73ab9c47d29a5efa0f9602.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: tlogs.log@yandex.com
- Password: trust147
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext