General
- Target: 9cdd721a004040f45ab3d4fbfa588ada0cc8cd769428959920be5d9cdb619540
- Size: 999KB
- Sample: 220724-zrjbysgcem
- MD5: dd0d46842443bace025185c081d7d311
- SHA1: 809b9b78ec996ac090ffd79e5c147203990467b3
- SHA256: 9cdd721a004040f45ab3d4fbfa588ada0cc8cd769428959920be5d9cdb619540
- SHA512: 9406d73eba02d20ac2104bfb142a82db06267bb8002ac88053c3978d54d8765954578da65481cf289a8e78c01da6ee0c9dd01636a072d47693e29724bacecb1d
- Static task: static1
- Behavioral task: behavioral1
- Sample: 9cdd721a004040f45ab3d4fbfa588ada0cc8cd769428959920be5d9cdb619540.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtpout.secureserver.net
- Port: 587
- Username: amartinez@hodgeautogroup.com
- Password: Livesex#2019
Targets
- Target: 9cdd721a004040f45ab3d4fbfa588ada0cc8cd769428959920be5d9cdb619540
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext