General
-
Target
4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e
-
Size
705KB
-
Sample
220712-kbqc1aaafl
-
MD5
b6060c04745041860e467395a9379f33
-
SHA1
86f06d1599d408bb6c8df5e21f40f42064662b76
-
SHA256
4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e
-
SHA512
d700bd53c109c061c67f179cfb3a4111f7f12c07114d02e6a42f0e28a8fc36464108ac516af9fde5afe7f051540644e2f0a79795cf44e0365f4cb4f54999ece7
Static task
static1
Behavioral task
behavioral1
Sample
4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.zoho.eu - Port:
587 - Username:
[email protected] - Password:
google1234
Targets
-
-
Target
4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e
-
Size
705KB
-
MD5
b6060c04745041860e467395a9379f33
-
SHA1
86f06d1599d408bb6c8df5e21f40f42064662b76
-
SHA256
4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e
-
SHA512
d700bd53c109c061c67f179cfb3a4111f7f12c07114d02e6a42f0e28a8fc36464108ac516af9fde5afe7f051540644e2f0a79795cf44e0365f4cb4f54999ece7
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-