General
- Target: 59d32fa1e0458f5442113a78818f9c2cd5bcc87baf879fe7422bf89401249253
- Size: 946KB
- Sample: 220724-c7y11scbhn
- MD5: fc4ff9d8c0e05abacfb2d51035a1b6e1
- SHA1: 7b11509844d29755649282f439e88fa554a05cfd
- SHA256: 59d32fa1e0458f5442113a78818f9c2cd5bcc87baf879fe7422bf89401249253
- SHA512: 770600e47555d6f55a923770e1ff4dacff5e870467a3752b5a0509d94c1d76d4ea1e951805ad3068bb1a92daa315df348aaff20139c30092ad34cf8ae5c57e84
Static task: static1
Behavioral task: behavioral1
- Sample: 59d32fa1e0458f5442113a78818f9c2cd5bcc87baf879fe7422bf89401249253.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: wellsbagwell@yandex.com
- Password: mistaspaz@89
Targets
- Target: 59d32fa1e0458f5442113a78818f9c2cd5bcc87baf879fe7422bf89401249253
- Size: 946KB
- MD5: fc4ff9d8c0e05abacfb2d51035a1b6e1
- SHA1: 7b11509844d29755649282f439e88fa554a05cfd
- SHA256: 59d32fa1e0458f5442113a78818f9c2cd5bcc87baf879fe7422bf89401249253
- SHA512: 770600e47555d6f55a923770e1ff4dacff5e870467a3752b5a0509d94c1d76d4ea1e951805ad3068bb1a92daa315df348aaff20139c30092ad34cf8ae5c57e84
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext