General
- Target: 44af8c64ef14f54ae1b493a451d061d809fb1f5d5250162227c1c1064f867714
- Size: 942KB
- Sample: 220707-w6f9csghf3
- MD5: 21a54cfc4d923b8a285c2cbba6b9b3a6
- SHA1: 32f20d935fad3686094b08cc644982d1f2d59036
- SHA256: 44af8c64ef14f54ae1b493a451d061d809fb1f5d5250162227c1c1064f867714
- SHA512: e29ff7810ac5953b281a9f2d2f9cac38b7db78b3f9d02d20b11e4ac78be60a089d3ef60ebd87ff18f2f4b600dd3dc3d3bd7e3c0a405d0e39d8c2a82ace3cf785
Static task
- static1
Behavioral task
- behavioral1
- Sample: 44af8c64ef14f54ae1b493a451d061d809fb1f5d5250162227c1c1064f867714.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: newyearlogin@yandex.com
- Password: ifeanyi1987
Targets
- Target: 44af8c64ef14f54ae1b493a451d061d809fb1f5d5250162227c1c1064f867714 (same sample and hashes as listed under General)
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext