General
- Target: 47df51cf2a01b78fdd7d24f002a17312fe60cf3dcdfef1c3e7d95d2dfca2c243
- Size: 815KB
- Sample: 220714-fpd5nshfh4
- MD5: 8f651270e46936427cb394a9788cfc43
- SHA1: 600c41ac8c389c402432b8cd4b4d25d750fe076f
- SHA256: 47df51cf2a01b78fdd7d24f002a17312fe60cf3dcdfef1c3e7d95d2dfca2c243
- SHA512: d7bf5e0906bd63a4e471f086f71cee000c67b8d0d3d475f49d8f17cc4cd165633971a073e926e06b2bb716013a0bb4b6a588beaa5f1a21c486104eb34b864268
Static task: static1
Behavioral task: behavioral1
- Sample: 47df51cf2a01b78fdd7d24f002a17312fe60cf3dcdfef1c3e7d95d2dfca2c243.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 47df51cf2a01b78fdd7d24f002a17312fe60cf3dcdfef1c3e7d95d2dfca2c243.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: longwheelbase2018@yandex.com
- Password: myrecords1248@
Targets
- Target: 47df51cf2a01b78fdd7d24f002a17312fe60cf3dcdfef1c3e7d95d2dfca2c243
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext