General
- Target: b0ada85c4c105fe23fa45860e54d5a1c59ad9d29ed2975ab3dec9deb172a51b9
- Size: 713KB
- Sample: 220725-d8v67adddm
- MD5: 24924cd96a6a34bd61993edbead3eb3e
- SHA1: b1e4b022760ab61691ac5e2d1ef5facb6d6734c0
- SHA256: b0ada85c4c105fe23fa45860e54d5a1c59ad9d29ed2975ab3dec9deb172a51b9
- SHA512: ffa0f5e48f36983b99172d5a1a7dddc1cba47c6e130b020c5476f78a39d28ccfbcfeb71df863843d910647da835d3e1557d408ba5a9f4570c6773aefb8110ddb
Static task: static1
Behavioral task: behavioral1
- Sample: b0ada85c4c105fe23fa45860e54d5a1c59ad9d29ed2975ab3dec9deb172a51b9.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: b0ada85c4c105fe23fa45860e54d5a1c59ad9d29ed2975ab3dec9deb172a51b9.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: alwayscare@zoho.com
- Password: Mmaduabuchi!05
Targets
- Target: b0ada85c4c105fe23fa45860e54d5a1c59ad9d29ed2975ab3dec9deb172a51b9
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext