General
Target: 3b9443e5998139ca737929e94fb30966a3ade985c52ddfff820fddb69b6477b1
Size: 930KB
Sample: 220703-tgsvrafhap
MD5: c4407790e6cf536bddef6226e0fca4bc
SHA1: 71bbc6e838a1f8caffcf28a48e5db120e81724b2
SHA256: 3b9443e5998139ca737929e94fb30966a3ade985c52ddfff820fddb69b6477b1
SHA512: 5f3ac476b30f49dc7773afffe8db7f08198ec67fee235d7db3f92819339003dacb5b54686f0bd64b8723923cfa66e9c374b900b49bf2353b9a788da0419ee534
Static task: static1
Behavioral task: behavioral1
Sample: 3b9443e5998139ca737929e94fb30966a3ade985c52ddfff820fddb69b6477b1.exe
Resource: win7-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: weng.zheng@yandex.com
Password: biggod@123
Targets
Target: 3b9443e5998139ca737929e94fb30966a3ade985c52ddfff820fddb69b6477b1
Size: 930KB
MD5: c4407790e6cf536bddef6226e0fca4bc
SHA1: 71bbc6e838a1f8caffcf28a48e5db120e81724b2
SHA256: 3b9443e5998139ca737929e94fb30966a3ade985c52ddfff820fddb69b6477b1
SHA512: 5f3ac476b30f49dc7773afffe8db7f08198ec67fee235d7db3f92819339003dacb5b54686f0bd64b8723923cfa66e9c374b900b49bf2353b9a788da0419ee534
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext
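The extracted SMTP configuration and the behavioral signatures above translate directly into host-level detection content: a hash match on the sample, a read of the configured country code, vbc.exe launched by something other than a build tool, an external IP lookup, and SMTP submission to smtp.yandex.com on port 587 from a process that is not a mail client. The following Python script is an added example written for this page; it is not part of the sandbox report or of the sample. It replays a small set of constructed Sysmon-style events against those indicators and returns the findings together with the process lineage of the matched sample. The event field names, the registry value assumed for the location check, the IP-lookup hosts, the build-tool and mail-client allowlists, and all file paths are assumptions; the SetThreadContext signature is not modeled because the constructed events carry no API trace.

```python
"""Replay constructed endpoint events against the indicators in this report.

Added example for this page; it is not part of the sandbox report or the
sample. The event shape, registry value, IP-lookup hosts, allowlists and file
paths below are assumptions made for illustration.
"""

# Indicators copied from the report above.
SAMPLE_SHA256 = "3b9443e5998139ca737929e94fb30966a3ade985c52ddfff820fddb69b6477b1"
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Assumptions (not stated in the report).
GEO_NATION_VALUE = r"HKCU\Control Panel\International\Geo\Nation"  # assumed location value
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}
BUILD_TOOLS = {"msbuild.exe", "devenv.exe", "csc.exe"}  # expected parents of vbc.exe
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}       # expected SMTP-submission clients

# Constructed Sysmon-style events, not real telemetry. Field names are assumed.
SAMPLE_EVENTS = [
    {"ev": "proc", "pid": 4100, "ppid": 1200, "sha256": SAMPLE_SHA256,
     "image": r"C:\Users\user\Downloads\invoice.exe"},
    {"ev": "reg", "pid": 4100, "op": "QueryValue", "path": GEO_NATION_VALUE},
    {"ev": "proc", "pid": 4232, "ppid": 4100, "sha256": "0" * 64,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"ev": "net", "pid": 4232, "dst_host": "api.ipify.org", "dst_port": 443},
    {"ev": "net", "pid": 4232, "dst_host": EXFIL_HOST, "dst_port": EXFIL_PORT},
    # Benign noise: a real mail client submitting through the same host and port.
    {"ev": "proc", "pid": 5000, "ppid": 1200, "sha256": "1" * 64,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"ev": "net", "pid": 5000, "dst_host": EXFIL_HOST, "dst_port": EXFIL_PORT},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return (findings, tainted_pids).

    findings: list of (pid, description) in event order.
    tainted_pids: the matched sample and every descendant process, so that a
    child such as vbc.exe is attributed to the sample's lineage.
    """
    image = {}      # pid -> image basename
    tainted = set()
    findings = []
    for e in events:
        pid = e["pid"]
        if e["ev"] == "proc":
            image[pid] = basename(e["image"])
            if e["sha256"] == SAMPLE_SHA256:
                tainted.add(pid)
                findings.append((pid, "hash matches the report sample"))
            elif e["ppid"] in tainted:
                tainted.add(pid)
            # "Uses the VBS compiler for execution": vbc.exe with no build tool as parent.
            if image[pid] == "vbc.exe" and image.get(e["ppid"]) not in BUILD_TOOLS:
                findings.append((pid, "vbc.exe spawned by a non-build-tool parent"))
        elif e["ev"] == "reg":
            # "Checks computer location settings": read of the configured country code.
            if e["op"] == "QueryValue" and e["path"].lower() == GEO_NATION_VALUE.lower():
                findings.append((pid, "reads configured country code (geofence check)"))
        elif e["ev"] == "net":
            host, port = e["dst_host"].lower(), e["dst_port"]
            # "Looks up external IP address via web service".
            if host in IP_LOOKUP_HOSTS:
                findings.append((pid, f"external IP lookup via {host}"))
            # Extracted config: SMTP submission to the exfiltration account's server,
            # suppressed for genuine mail clients so the rule stays usable on real hosts.
            if host == EXFIL_HOST and port == EXFIL_PORT and image.get(pid) not in MAIL_CLIENTS:
                findings.append((pid, f"SMTP submission to {host}:{port} from a non-mail client"))
    return findings, tainted


if __name__ == "__main__":
    found, lineage = analyze(SAMPLE_EVENTS)
    for pid, text in found:
        tag = "sample lineage" if pid in lineage else "unrelated"
        print(f"pid {pid} [{tag}]: {text}")
```

Run against the constructed events, the script yields five findings, all on the sample (pid 4100) or its vbc.exe child (pid 4232), and none on the Outlook process that talks to the same SMTP server. The mail-client and build-tool allowlists are the part to tune per environment: the report's indicators alone would fire on every legitimate SMTP submission to Yandex and every Visual Studio build.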