General
Target: 1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92
Size: 520KB
Sample: 220708-r2d6zsecal
MD5: 551f0928da0bfe0e3c24b891ba8f5cce
SHA1: 27c8eafe381fb2219df2e2d4be53d3ef14ffb333
SHA256: 1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92
SHA512: 4c57a6edaaac1b6d155f208dcdcdc2328144c69bb47a7a60b565b545657806d148a4c2c49e426432786d2042e163aa9eeee2cc2ccf7b25a60d038e1770bba529
Static task: static1
Behavioral task: behavioral1
Sample: 1e23bf99901af78b6c80fcba682153ba56ef22aa94047f210500b80204134c92.exe
Resource: win7-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: aadfsasd@bk.ru
Password: 123132123qq
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext