General
- Target: 6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af
- Size: 676KB
- Sample: 220725-et5bzsedhj
- MD5: 1f20e0da472a066443b9b8b5a16d8abb
- SHA1: 293b3212ceaf05ac4f4b49778863fbbe3879fb0d
- SHA256: 6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af
- SHA512: 3ed1d6bd87680430932d1e9bff2f3c9756e2bb1ab6479eaa95d7447c4e6583a5bc72d14fb8ad3672b416feda8591f3df0e2554153465b5773264828da3a50560
Static task
static1
Behavioral task
behavioral1
- Sample: 6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af.exe
- Resource: win7-20220718-en
Behavioral task
behavioral2
- Sample: 6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.bellahomedecor.com.br
- Port: 587
- Username: contato@bellahomedecor.com.br
- Password: contato
The sample authenticates to this mailbox over the SMTP submission port (587) to send the data it collects, so the mailbox is the attacker's collection point rather than a victim. The host, the account name and the password are all usable as indicators: an SMTP AUTH for this account, or a DNS lookup of the host, from a machine that is not a mail server is a strong signal on its own.
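The extracted configuration is most useful as a set of network indicators. The following is an added example, not part of the original sandbox report: it takes the host, port and username from the configuration above (and the file hashes from the General section), and runs them over Zeek-style smtp.log and dns.log records. The log records, the field subset used, the source addresses and the timestamps are all constructed for this example; the only real values are the ones copied from this page.

```python
"""Match the extracted SMTP exfiltration config and sample hashes against
Zeek-style log records. Added example; the log lines below are constructed."""
import hashlib

# Indicators copied from the extracted configuration and hashes on this page
EXFIL_HOST = "mail.bellahomedecor.com.br"
EXFIL_PORT = 587
EXFIL_USER = "contato@bellahomedecor.com.br"
SAMPLE_HASHES = {
    "md5": "1f20e0da472a066443b9b8b5a16d8abb",
    "sha1": "293b3212ceaf05ac4f4b49778863fbbe3879fb0d",
    "sha256": "6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af",
    "sha512": "3ed1d6bd87680430932d1e9bff2f3c9756e2bb1ab6479eaa95d7447c4e6583a5"
              "bc72d14fb8ad3672b416feda8591f3df0e2554153465b5773264828da3a50560",
}

# Field subset assumed for the constructed records (Zeek logs carry more columns)
SMTP_FIELDS = ("ts", "orig_h", "resp_h", "resp_p", "helo", "mailfrom", "rcptto", "subject")
DNS_FIELDS = ("ts", "orig_h", "query", "answers")

# Constructed records, not real traffic: one stealer session, one ordinary mail relay
SMTP_LOG = (
    "1658734001.120\t10.0.0.15\t203.0.113.10\t587\tDESKTOP-1\t"
    "<contato@bellahomedecor.com.br>\t<contato@bellahomedecor.com.br>\tPW_DESKTOP-1\n"
    "1658734050.331\t10.0.0.22\t198.51.100.7\t25\tmail01\t"
    "<alice@example.org>\t<bob@example.net>\tQuarterly numbers\n"
)
DNS_LOG = (
    "1658734000.900\t10.0.0.15\tmail.bellahomedecor.com.br\t203.0.113.10\n"
    "1658734040.002\t10.0.0.22\twww.example.org\t93.184.216.34\n"
)


def parse_tsv(text, fields):
    """Turn tab-separated records into dicts keyed by the given field names."""
    rows = []
    for line in text.splitlines():
        if line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def smtp_exfil_hits(smtp_text):
    """Flag SMTP sessions where the extracted account is sender or recipient.
    The config names a single account, so both sides are checked; the port is
    recorded as supporting evidence rather than required."""
    hits = []
    for r in parse_tsv(smtp_text, SMTP_FIELDS):
        reasons = []
        for field in ("mailfrom", "rcptto"):
            if r[field].strip("<>").lower() == EXFIL_USER:
                reasons.append(f"{field} is the extracted account")
        if reasons and int(r["resp_p"]) == EXFIL_PORT:
            reasons.append(f"submission port {EXFIL_PORT}")
        if reasons:
            hits.append({"ts": r["ts"], "src": r["orig_h"], "dst": r["resp_h"],
                         "reasons": reasons})
    return hits


def dns_exfil_hits(dns_text):
    """Return the clients that resolved the exfiltration host."""
    return [r["orig_h"] for r in parse_tsv(dns_text, DNS_FIELDS)
            if r["query"].lower().rstrip(".") == EXFIL_HOST]


def hash_verdict(data):
    """Return the set of algorithms under which `data` matches the sample."""
    return {name for name, digest in SAMPLE_HASHES.items()
            if hashlib.new(name, data).hexdigest() == digest}


if __name__ == "__main__":
    for hit in smtp_exfil_hits(SMTP_LOG):
        print("SMTP exfil:", hit)
    print("Clients resolving exfil host:", dns_exfil_hits(DNS_LOG))
    print("Hash match on stand-in bytes:", hash_verdict(b"not the sample"))
```

Checking both mailfrom and rcptto matters because a stealer that owns one mailbox often addresses the report to the same account it authenticates as; matching on the port alone would also catch every legitimate submission client on the network, which is why the port is only corroborating evidence here.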
Targets
- Target: 6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af
Signatures
- NirSoft MailPassView: password recovery tool for various email clients. Stealers embed it to dump credentials saved by mail clients on the infected host.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers, used the same way for saved browser logins.
- Nirsoft: generic match on NirSoft tooling carried inside the sample.
- Uses the VBS compiler for execution: the sample launches the Visual Basic .NET compiler, vbc.exe (a signed Microsoft binary that ships with the .NET Framework, not a script interpreter despite the signature's name), which is a common host for injected stealer code.
- Accesses Microsoft Outlook accounts: reads Outlook profile and account data from the registry, where saved mail credentials are stored.
- Adds Run key to start application: persistence through a value under the CurrentVersion\Run registry key, so the payload is restarted at logon.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, typically to include it in the report of stolen data.
- Suspicious use of SetThreadContext: a thread context of another process is rewritten, which together with the vbc.exe launch above is the pattern of process hollowing or a similar injection technique.
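The behaviours in this list are individually noisy (builds spawn vbc.exe, mail clients use port 587, installers write Run keys) but become a strong signal when they occur in one process tree. The following is an added example, not part of the original report or the sandbox's own logic: it correlates Sysmon-style ProcessCreate (event 1), NetworkConnect (event 3) and RegistryEvent (event 13) records by process tree and reports the combined findings. The event records, the process GUIDs, the user path, the Run value name and the allow-list of parents for which a vbc.exe child is expected are all constructed or assumed for this example; the sample file name and the mail host come from this page, and the vbc.exe path is the standard .NET Framework 4 location.

```python
"""Correlate Sysmon-style events for Run-key persistence, vbc.exe as an
injection host and SMTP submission from that host. Added example; the
events below are constructed and the parent allow-list is assumed."""
from collections import defaultdict

SAMPLE = (r"C:\Users\victim\Downloads"
          r"\6bc07d70aab4031f112773f4eef8049540106b00ce1322a8313f776203c7c3af.exe")
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
EXFIL_HOST = "mail.bellahomedecor.com.br"
SMTP_PORTS = {25, 465, 587}
RUN_KEY_MARKER = "\\currentversion\\run\\"
# Assumed allow-list: parents that legitimately start the VB.NET compiler
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe"}

# Constructed events (field names follow Sysmon; GUIDs and paths are invented)
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "ParentProcessGuid": "{EXP}",
     "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "ProcessGuid": "{A}", "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": VBC, "ParentImage": SAMPLE},
    {"EventID": 3, "ProcessGuid": "{B}", "Image": VBC,
     "DestinationPort": 587, "DestinationHostname": EXFIL_HOST},
    # Benign noise: a real build spawning vbc.exe, and a mail client on port 587
    {"EventID": 1, "ProcessGuid": "{C}", "ParentProcessGuid": "{MSB}",
     "Image": VBC, "ParentImage": r"C:\Program Files\dotnet\MSBuild.exe"},
    {"EventID": 3, "ProcessGuid": "{D}",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationPort": 587, "DestinationHostname": "smtp.office365.com"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def root_process(guid, parents):
    """Follow ParentProcessGuid links up to the top-most process we saw start."""
    while guid in parents and parents[guid] in parents:
        guid = parents[guid]
    return guid


def correlate(events):
    """Return {root process GUID: sorted findings} for trees with any finding."""
    parents = {e["ProcessGuid"]: e["ParentProcessGuid"]
               for e in events if e["EventID"] == 1}
    findings = defaultdict(set)
    for e in events:
        root = root_process(e["ProcessGuid"], parents)
        image = basename(e["Image"])
        if e["EventID"] == 13 and RUN_KEY_MARKER in e["TargetObject"].lower():
            findings[root].add("run_key_persistence")
        if (e["EventID"] == 1 and image == "vbc.exe"
                and basename(e["ParentImage"]) not in EXPECTED_VBC_PARENTS):
            findings[root].add("vbc_from_unexpected_parent")
        if e["EventID"] == 3:
            if image == "vbc.exe" and int(e["DestinationPort"]) in SMTP_PORTS:
                findings[root].add("smtp_from_vbc")
            if e["DestinationHostname"].lower() == EXFIL_HOST:
                findings[root].add("exfil_host_contact")
    return {root: sorted(f) for root, f in findings.items()}


if __name__ == "__main__":
    for root, found in correlate(EVENTS).items():
        print(root, found)
```

Attributing findings to the root of the tree rather than the process that produced each event is what makes the rule survive the injection step: the SMTP connection is made by vbc.exe, not by the sample, and only the tree view ties it back to the dropped executable. The external-IP lookup from the signature list is deliberately not encoded here, because the report does not name the service used.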