General
-
Target
51cdbed80ca92cb74429b01d57e832beb90d4b6ffbcf7639281e3713761d8879
-
Size
958KB
-
Sample
220717-shqaksceh7
-
MD5
1e36889624db92dfefc58f9bb1946f27
-
SHA1
913eb1a83bb89069697488f98678d2f08f4b26d5
-
SHA256
51cdbed80ca92cb74429b01d57e832beb90d4b6ffbcf7639281e3713761d8879
-
SHA512
51ee65fc1a57689e52ad57d63942593727e650c881c24c350a0dc676dc329bd1e4cf30c2faaf5d7a11c2018ec48e0d2351c6a35418a905199915de788f7e4e3c
Static task
static1
Behavioral task
behavioral1
Sample
51cdbed80ca92cb74429b01d57e832beb90d4b6ffbcf7639281e3713761d8879.exe
Resource
win7-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
kennedey.isaac@yandex.com - Password:
jozo2018
Targets
-
-
Target
51cdbed80ca92cb74429b01d57e832beb90d4b6ffbcf7639281e3713761d8879
-
Size
958KB
-
MD5
1e36889624db92dfefc58f9bb1946f27
-
SHA1
913eb1a83bb89069697488f98678d2f08f4b26d5
-
SHA256
51cdbed80ca92cb74429b01d57e832beb90d4b6ffbcf7639281e3713761d8879
-
SHA512
51ee65fc1a57689e52ad57d63942593727e650c881c24c350a0dc676dc329bd1e4cf30c2faaf5d7a11c2018ec48e0d2351c6a35418a905199915de788f7e4e3c
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-