General
- Target: 57aae23b9a3d8d1b8c9d48de36e4d877ba62e15de9343f379ffd01f3b774d467
- Size: 689KB
- Sample: 220724-zjd29sffg7
- MD5: 2e2c3e6a12dc7bbb71702e110163f38d
- SHA1: 9df48fc5f7b93e749ab31facbea64cd18b59370e
- SHA256: 57aae23b9a3d8d1b8c9d48de36e4d877ba62e15de9343f379ffd01f3b774d467
- SHA512: f955822a10ba59a663c607995c1d41c90a517f406a327f0fe5616abbcf1c28d8551a6c21341c4cb55799c26afe7d34270e6625b0d4668ece42683c6d487dc316
Static task: static1
Behavioral task: behavioral1
- Sample: 57aae23b9a3d8d1b8c9d48de36e4d877ba62e15de9343f379ffd01f3b774d467.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 57aae23b9a3d8d1b8c9d48de36e4d877ba62e15de9343f379ffd01f3b774d467.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: chuks44@zoho.com
- Password: ngwori11
Targets
- Target: 57aae23b9a3d8d1b8c9d48de36e4d877ba62e15de9343f379ffd01f3b774d467
  - Size: 689KB
  - MD5: 2e2c3e6a12dc7bbb71702e110163f38d
  - SHA1: 9df48fc5f7b93e749ab31facbea64cd18b59370e
  - SHA256: 57aae23b9a3d8d1b8c9d48de36e4d877ba62e15de9343f379ffd01f3b774d467
  - SHA512: f955822a10ba59a663c607995c1d41c90a517f406a327f0fe5616abbcf1c28d8551a6c21341c4cb55799c26afe7d34270e6625b0d4668ece42683c6d487dc316
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext