General
- Target: 4fcf6a0b40b045b1ce5c37c912989ad0f8a26f5eb18dde467ab5565c09b90792
- Size: 970KB
- Sample: 220719-y4swgsbed9
- MD5: 7368657baf850ecfd5d70e1f8e2a0fcd
- SHA1: 70ec9d06ecd975708e1589da9900a75c8846e843
- SHA256: 4fcf6a0b40b045b1ce5c37c912989ad0f8a26f5eb18dde467ab5565c09b90792
- SHA512: a54bf8e35f1209b4a6f22eccbda4ff95071791c870c7b5b88f7c511f66b4c3e2055ee9b6dfebe02154898e494244eb3614927a1144537b9e7d890915301ded8a
Static task: static1
Behavioral task: behavioral1
- Sample: 4fcf6a0b40b045b1ce5c37c912989ad0f8a26f5eb18dde467ab5565c09b90792.exe
- Resource: win7-20220715-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: endurance.hart@yandex.com
- Password: alibaba1234
Targets
- Target: 4fcf6a0b40b045b1ce5c37c912989ad0f8a26f5eb18dde467ab5565c09b90792
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext