General
-
Target
462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce
-
Size
777KB
-
Sample
220707-lqf9babedp
-
MD5
063ed0a9f0dbd546a15d0d49321d3638
-
SHA1
822481aca5d9e237471559877e303a2680b3452c
-
SHA256
462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce
-
SHA512
00bdc2b13c7001e300ed5625db15ab07d398da5bac9c5558aea611e959e4e5f5bed91769927edda0c2346b174142faaa52e5ce81668fe0af5110de40a2adb8c1
Static task
static1
Behavioral task
behavioral1
Sample
462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce.exe
Resource
win7-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
jackiemensah@yandex.com - Password:
unlimitedmoney1812
Targets
-
-
Target
462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce
-
Size
777KB
-
MD5
063ed0a9f0dbd546a15d0d49321d3638
-
SHA1
822481aca5d9e237471559877e303a2680b3452c
-
SHA256
462225e4d7fc9114f906dbc236c10a633c5cdba1875daf757ce7ad3c14896dce
-
SHA512
00bdc2b13c7001e300ed5625db15ab07d398da5bac9c5558aea611e959e4e5f5bed91769927edda0c2346b174142faaa52e5ce81668fe0af5110de40a2adb8c1
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-