General
-
Target
56eec25f63753f47fb20552ff40848be5af19ea04889f651e9c69daf014dfc94
-
Size
825KB
-
Sample
220725-bmldraghel
-
MD5
6e5ad778811a9b958742035980524849
-
SHA1
7033b2ad54062e494d826d6e918ee96043ed7a4c
-
SHA256
56eec25f63753f47fb20552ff40848be5af19ea04889f651e9c69daf014dfc94
-
SHA512
057af4bcc7060761f5df1bf7342f012dd6bc8c394b75e7ce4eb7b5d8092e01847626fecd55f6c519f186db4a3863e15c3110aa510f5dbd199b425f8b916de934
Static task
static1
Behavioral task
behavioral1
Sample
56eec25f63753f47fb20552ff40848be5af19ea04889f651e9c69daf014dfc94.exe
Resource
win7-20220715-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
han.white101@yandex.com - Password:
qwerty67890
Targets
-
-
Target
56eec25f63753f47fb20552ff40848be5af19ea04889f651e9c69daf014dfc94
-
Size
825KB
-
MD5
6e5ad778811a9b958742035980524849
-
SHA1
7033b2ad54062e494d826d6e918ee96043ed7a4c
-
SHA256
56eec25f63753f47fb20552ff40848be5af19ea04889f651e9c69daf014dfc94
-
SHA512
057af4bcc7060761f5df1bf7342f012dd6bc8c394b75e7ce4eb7b5d8092e01847626fecd55f6c519f186db4a3863e15c3110aa510f5dbd199b425f8b916de934
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-