General
- Target: 4b50bda6c3fe41f6c930ec701d851781e1664b720e6fc65ab2fbb6c28916f24b
- Size: 725KB
- Sample: 220712-md72yagfh2
- MD5: 33b63714602355d705387a600617eece
- SHA1: 9d3ebfc281633f5185d6ca1d4bc30a0ec23ef120
- SHA256: 4b50bda6c3fe41f6c930ec701d851781e1664b720e6fc65ab2fbb6c28916f24b
- SHA512: 0d053b226a9a14a826bdd0d7df753d5c6871a8dfd7f157a01fd0cde0a75de233d127fa5ca55592f1146e15dfc067f371f687f3858d77fcc311ef7590e2a54673
Static task: static1
Behavioral task: behavioral1
- Sample: 4b50bda6c3fe41f6c930ec701d851781e1664b720e6fc65ab2fbb6c28916f24b.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: [email protected]
- Password: godsgrace123
Targets
- Target: 4b50bda6c3fe41f6c930ec701d851781e1664b720e6fc65ab2fbb6c28916f24b
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext