General
-
Target
4aa0b4fb7554a5dbaca53bcdc3bc6f69fd1772d444d29c5513bc95d2b49c1c97
-
Size
950KB
-
Sample
220712-pvmhnsaeap
-
MD5
cf0e6c6a9ef4fbcbb87176c02fefc0fd
-
SHA1
65afdc5ae8e8ac6e63b715c6ec43b686dc3ad5a7
-
SHA256
4aa0b4fb7554a5dbaca53bcdc3bc6f69fd1772d444d29c5513bc95d2b49c1c97
-
SHA512
0685266bd09f178689079470081f2bbc6e292ce9778ebfebd26d45304d3d549b53f663c2ad2895bae2b4db9a7f21f41e9ddd4e71b4fd541cb044d86a2d1cdb86
Static task
static1
Behavioral task
behavioral1
Sample
4aa0b4fb7554a5dbaca53bcdc3bc6f69fd1772d444d29c5513bc95d2b49c1c97.exe
Resource
win7-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
dollar.sign0001@yandex.com - Password:
Believe.in.God
Targets
-
-
Target
4aa0b4fb7554a5dbaca53bcdc3bc6f69fd1772d444d29c5513bc95d2b49c1c97
-
Size
950KB
-
MD5
cf0e6c6a9ef4fbcbb87176c02fefc0fd
-
SHA1
65afdc5ae8e8ac6e63b715c6ec43b686dc3ad5a7
-
SHA256
4aa0b4fb7554a5dbaca53bcdc3bc6f69fd1772d444d29c5513bc95d2b49c1c97
-
SHA512
0685266bd09f178689079470081f2bbc6e292ce9778ebfebd26d45304d3d549b53f663c2ad2895bae2b4db9a7f21f41e9ddd4e71b4fd541cb044d86a2d1cdb86
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-