General
-
Target
56a1cb4e016d2cea460034de6884e83f44c33dba53e7006ee463be59918a9316
-
Size
946KB
-
Sample
220725-cmz3ksafej
-
MD5
0c3ba5acb5676576ecc18fea71e6a3eb
-
SHA1
ecd328453fe35ba1a642cfc285393ce5fd4cab54
-
SHA256
56a1cb4e016d2cea460034de6884e83f44c33dba53e7006ee463be59918a9316
-
SHA512
2919f6df12afa61fb5893552317e296f3acf8903a6da9f2d3c5a161cf93e59dc0deadc3b0cace143b34ac4646c2fa91523e574375214fbf7bcb656f84f5f1e54
Static task
static1
Behavioral task
behavioral1
Sample
56a1cb4e016d2cea460034de6884e83f44c33dba53e7006ee463be59918a9316.exe
Resource
win7-20220715-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mr.kilo2016@yandex.com
Password: jasper101
Targets
-
Target
56a1cb4e016d2cea460034de6884e83f44c33dba53e7006ee463be59918a9316
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-