General
Target: c111b6a522bd2d810182c96174d6e5b06396a07fe06a711d7d018b517461e358
Size: 668KB
Sample: 220717-b5f7rabghk
MD5: e3f0a2033a78e307a71320217ef738bc
SHA1: c27e02a95ee0a960cfca209db890c4508fcf4954
SHA256: c111b6a522bd2d810182c96174d6e5b06396a07fe06a711d7d018b517461e358
SHA512: 8e24817a9192dfe21240b3fe5e909938650e4706fd7f1b62cf47091f90efbf2003290af55b65c6c4656610d02c0433c71aaf14a03eb38da67ec874539e48d4ab
Static task: static1
Behavioral task: behavioral1
Sample: c111b6a522bd2d810182c96174d6e5b06396a07fe06a711d7d018b517461e358.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: c111b6a522bd2d810182c96174d6e5b06396a07fe06a711d7d018b517461e358.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: purchasemd@vivaldi.net
Password: application@
Targets
Target: c111b6a522bd2d810182c96174d6e5b06396a07fe06a711d7d018b517461e358 (size and hashes identical to the General section)
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext