General
-
Target
510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
-
Size
922KB
-
Sample
220718-w4bk4aeafr
-
MD5
7e6095adef252a307789fde2a472da27
-
SHA1
45ea251ad20c3664f2a527b70658a1bd77577d18
-
SHA256
510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
-
SHA512
94473305ec14cba709228267229f80b036212b52a18f5a6cb2f15fb715375bfb2a3f1c1a6b9bbe1a2bf2d1cb5010dc2be0e2ce875ce3c6c29a586fd4b21d8974
Static task
static1
Behavioral task
behavioral1
Sample
510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e.exe
Resource
win7-20220718-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
kennedey.isaac@yandex.com - Password:
jozo2018
Targets
-
-
Target
510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
-
Size
922KB
-
MD5
7e6095adef252a307789fde2a472da27
-
SHA1
45ea251ad20c3664f2a527b70658a1bd77577d18
-
SHA256
510573af752c0027d747054982ae4823c2fec5c0e22c88732882fe5479adb42e
-
SHA512
94473305ec14cba709228267229f80b036212b52a18f5a6cb2f15fb715375bfb2a3f1c1a6b9bbe1a2bf2d1cb5010dc2be0e2ce875ce3c6c29a586fd4b21d8974
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-