General
- Target: 4858c75de20e121e8fea9996ad070ee4759764b46cc247687bf42af3ac08c46c
- Size: 773KB
- Sample: 220714-dwkvpabdap
- MD5: 919fad47fb64a39ead7e17dfbe4cfc06
- SHA1: 5397ecbfee38cc27ad328c80de850a1da0334734
- SHA256: 4858c75de20e121e8fea9996ad070ee4759764b46cc247687bf42af3ac08c46c
- SHA512: d0e0b93b39730a6ba98f1af3af0d10948c4fe036b940fc3520ad7a667a94641c447fdcb66ee0716b632bec2cb588594e884f1ba58a23f8d2eea5de0666775005
Static task: static1
Behavioral task: behavioral1
- Sample: 4858c75de20e121e8fea9996ad070ee4759764b46cc247687bf42af3ac08c46c.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: sizwe.bansi2017@yandex.com
- Password: prayforme18
Targets
- Target: 4858c75de20e121e8fea9996ad070ee4759764b46cc247687bf42af3ac08c46c
- Size: 773KB
- MD5: 919fad47fb64a39ead7e17dfbe4cfc06
- SHA1: 5397ecbfee38cc27ad328c80de850a1da0334734
- SHA256: 4858c75de20e121e8fea9996ad070ee4759764b46cc247687bf42af3ac08c46c
- SHA512: d0e0b93b39730a6ba98f1af3af0d10948c4fe036b940fc3520ad7a667a94641c447fdcb66ee0716b632bec2cb588594e884f1ba58a23f8d2eea5de0666775005
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext