General
- Target: 59b28d6c96802591ab81aebfb31989c952b002931e8abad6abdcd23b2055b7d4
- Size: 954KB
- Sample: 220724-dnfk1adac2
- MD5: b4422d51970882304acf38d5bf3e2b10
- SHA1: 2b379aa5a8ce2c24a66d3082be3ef08155fc7b73
- SHA256: 59b28d6c96802591ab81aebfb31989c952b002931e8abad6abdcd23b2055b7d4
- SHA512: 82cd41df7f49d672b806c930891344bb7a2ffbf87816f2ab9b4d3143fa325178fab205a7001cd690ca2656300c2922fe227723d367f29391b8b73cadcb4bfbd8
Static task: static1
Behavioral task: behavioral1
- Sample: 59b28d6c96802591ab81aebfb31989c952b002931e8abad6abdcd23b2055b7d4.exe
- Resource: win7-20220715-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: billion123
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext