General

Target: 58fe2c7eddb9e31a670eee8397031608f6f1bb30dc1b92df6565551f0118599c
Size: 942KB
Sample: 220724-gkmfxsheh7
MD5: fe102c4357ee207448dc6a7a99d18a9e
SHA1: bf4559a3607b74e60dd4cdf832ecf07d19669e96
SHA256: 58fe2c7eddb9e31a670eee8397031608f6f1bb30dc1b92df6565551f0118599c
SHA512: d3f51948171348ff59738f6ac9e51fa7c341fb77066966ed3ccf884364305e56d494bc8b3a8b1437aa3476cc50a430950a17e604796daa15b70f6afca6ad95d1
Static task: static1
Behavioral task: behavioral1
Sample: 58fe2c7eddb9e31a670eee8397031608f6f1bb30dc1b92df6565551f0118599c.exe
Resource: win7-20220715-en
Malware Config

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: american.sniper1@yandex.com
Password: jesus4ever
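The extracted configuration above is the exfiltration channel: stolen credentials are mailed out through an authenticated session to smtp.yandex.com on the submission port. The following is an added example, not part of the report, showing how those three fields turn into network detection. It correlates Zeek-style dns.log and conn.log records so that a client which resolves smtp.yandex.com and then opens TCP 587 to one of the returned addresses is flagged, and separately checks smtp.log envelopes for the configured sender. All log records are constructed for illustration (documentation-range addresses, invented clients); the Zeek field names are real, the traffic is not from this sample.

```python
"""Network detection for the SMTP exfiltration channel in the extracted config.

Added example (not part of the sandbox report).  Port 587 submission is
normally upgraded with STARTTLS before MAIL FROM is sent, so the envelope
sender only shows up in smtp.log when the session stayed in cleartext; the
host/port correlation is the indicator that survives encryption.
"""
import json
from collections import defaultdict

# Indicators copied from the Malware Config section of the report.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
EXFIL_USER = "american.sniper1@yandex.com"

# Constructed Zeek JSON records for illustration only; addresses are from
# documentation ranges and none of this is traffic captured from the sample.
SAMPLE_DNS_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": 1658455800.1, "id.orig_h": "10.0.0.21", "query": "smtp.yandex.com",
     "answers": ["198.51.100.7"]},
    {"ts": 1658455801.3, "id.orig_h": "10.0.0.22", "query": "update.example.org",
     "answers": ["203.0.113.5"]},
])
SAMPLE_CONN_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": 1658455800.9, "id.orig_h": "10.0.0.21", "id.resp_h": "198.51.100.7",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
    {"ts": 1658455802.0, "id.orig_h": "10.0.0.22", "id.resp_h": "203.0.113.5",
     "id.resp_p": 443, "proto": "tcp", "service": "ssl"},
    # Port 587 to a host the client never resolved as smtp.yandex.com: not flagged.
    {"ts": 1658455803.0, "id.orig_h": "10.0.0.23", "id.resp_h": "192.0.2.9",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
])
SAMPLE_SMTP_LOG = "\n".join(json.dumps(r) for r in [
    # Cleartext session, so Zeek saw the envelope sender.
    {"ts": 1658455801.0, "id.orig_h": "10.0.0.21", "id.resp_h": "198.51.100.7",
     "helo": "DESKTOP-01", "mailfrom": "american.sniper1@yandex.com", "tls": False},
    # STARTTLS session: no mailfrom field is available to match on.
    {"ts": 1658455804.0, "id.orig_h": "10.0.0.23", "id.resp_h": "192.0.2.9",
     "helo": "DESKTOP-02", "tls": True},
])


def _records(log_text):
    """Yield one dict per non-empty JSON line."""
    for line in log_text.splitlines():
        if line.strip():
            yield json.loads(line)


def exfil_resolutions(dns_log_text, host=EXFIL_HOST):
    """Map each client that resolved `host` to the set of answers it received."""
    resolved = defaultdict(set)
    for rec in _records(dns_log_text):
        if rec.get("query", "").lower().rstrip(".") == host:
            resolved[rec["id.orig_h"]].update(rec.get("answers", []))
    return resolved


def find_exfil_sessions(dns_log_text, conn_log_text, host=EXFIL_HOST, port=EXFIL_PORT):
    """Return conn records on `port` whose client had resolved `host` and is
    talking to an address that resolution returned."""
    resolved = exfil_resolutions(dns_log_text, host)
    hits = []
    for rec in _records(conn_log_text):
        if rec.get("proto") != "tcp" or rec.get("id.resp_p") != port:
            continue
        if rec["id.resp_h"] in resolved.get(rec["id.orig_h"], ()):
            hits.append(rec)
    return hits


def find_exfil_envelopes(smtp_log_text, user=EXFIL_USER):
    """Return smtp records whose envelope sender is the configured account
    (only present when the session was not upgraded to TLS)."""
    return [rec for rec in _records(smtp_log_text)
            if rec.get("mailfrom", "").lower() == user]


if __name__ == "__main__":
    for rec in find_exfil_sessions(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print("exfil session:", rec["id.orig_h"], "->", rec["id.resp_h"], rec["id.resp_p"])
    for rec in find_exfil_envelopes(SAMPLE_SMTP_LOG):
        print("exfil envelope:", rec["id.orig_h"], rec["mailfrom"])
```

The DNS-to-connection join is deliberate: matching on port 587 alone flags every legitimate mail client, and matching on a resolved address alone breaks as soon as the provider rotates its records. Blocking the leaked account at the mail provider, or rotating the credentials of any user whose browser or mail client profiles were on the infected host, is the response step the detection should feed.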
Targets

Target: 58fe2c7eddb9e31a670eee8397031608f6f1bb30dc1b92df6565551f0118599c
Size: 942KB
MD5: fe102c4357ee207448dc6a7a99d18a9e
SHA1: bf4559a3607b74e60dd4cdf832ecf07d19669e96
SHA256: 58fe2c7eddb9e31a670eee8397031608f6f1bb30dc1b92df6565551f0118599c
SHA512: d3f51948171348ff59738f6ac9e51fa7c341fb77066966ed3ccf884364305e56d494bc8b3a8b1437aa3476cc50a430950a17e604796daa15b70f6afca6ad95d1
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
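Several of the behavioral signatures above leave traces in process-creation telemetry, and the following added example (not from the report or the sandbox vendor) turns three of them into checks run over Sysmon Event ID 1 records. It assumes that "Uses the VBS compiler for execution" refers to vbc.exe, the .NET Visual Basic compiler, being started as a host for injected code, which is what the adjacent SetThreadContext signature suggests; that "Executes dropped EXE" can be approximated as an executable launched from a user-writable staging directory; and that "Deletes itself" follows the common cmd.exe "ping/timeout then del" pattern, which the report does not confirm for this sample. The event records, paths and user names are constructed; the field names follow Sysmon's schema.

```python
"""Endpoint checks for the behavioral signatures in the sandbox report.

Added example (not from the report).  The rule lists below are assumptions
made for illustration, not facts the report states about this sample.
"""
import re
from pathlib import PureWindowsPath

# Parents that legitimately launch vbc.exe during .NET builds (assumed list;
# extend it for the build tooling actually present in the environment).
BUILD_TOOL_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}

# Directories from which a freshly dropped payload is typically started.
USER_WRITABLE_DIR = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Windows\\Temp|Temp)\\",
                               re.IGNORECASE)

# cmd.exe waiting (ping/timeout) and then deleting a file: a common self-delete idiom.
SELF_DELETE = re.compile(r"\b(?:ping|timeout)\b.*\bdel\b", re.IGNORECASE)

# Constructed Sysmon Event ID 1 records; not taken from this sample's run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\bob\AppData\Local\Temp\invoice.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    # Benign: the compiler started by the build tool itself.
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "CommandLine": r"vbc.exe /noconfig @obj\Debug\App.rsp"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "CommandLine": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\bob\AppData\Local\Temp\invoice.exe"'},
    {"EventID": 1, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe"'},
]


def _name(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def is_vbc_injection_host(ev):
    """vbc.exe started by something other than the build toolchain."""
    return (_name(ev["Image"]) == "vbc.exe"
            and _name(ev["ParentImage"]) not in BUILD_TOOL_PARENTS)


def is_dropped_exe_execution(ev):
    """An .exe started from a user-writable staging directory."""
    return _name(ev["Image"]).endswith(".exe") and bool(USER_WRITABLE_DIR.search(ev["Image"]))


def is_self_delete(ev):
    """cmd.exe deleting its own parent's image after a delay."""
    if _name(ev["Image"]) != "cmd.exe" or not SELF_DELETE.search(ev["CommandLine"]):
        return False
    return _name(ev["ParentImage"]) in ev["CommandLine"].lower()


RULES = {
    "vbc_non_build_parent": is_vbc_injection_host,
    "dropped_exe_execution": is_dropped_exe_execution,
    "self_delete_via_cmd": is_self_delete,
}


def evaluate(events):
    """Return {rule_name: [indices of matching Event ID 1 records]}."""
    hits = {name: [] for name in RULES}
    for i, ev in enumerate(events):
        if ev.get("EventID") != 1:
            continue
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(i)
    return hits


if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {idx}")
```

The remaining signatures need other telemetry: SetThreadContext and the Outlook account lookup are registry and thread-handle reads that Sysmon does not record (it logs registry writes, not reads), so they are best confirmed in the sandbox or with an EDR that hooks those APIs. The external-IP lookup is visible on the network side as an outbound request to a public IP-echo service, which the report does not name for this sample.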