General
-
Target
53ae04a065c7d89624e604ef7474e22a02cb2d35c40696e3b6844c49261bcbfd
-
Size
954KB
-
Sample
220727-azmxnsbeg7
-
MD5
ee98a661933b0bb6753035ec8d4896eb
-
SHA1
8883c2fb226406f940ea18b9802f81fc7fb088c3
-
SHA256
53ae04a065c7d89624e604ef7474e22a02cb2d35c40696e3b6844c49261bcbfd
-
SHA512
d8f6e18bee761645754819e4e66ada9df97d27c3e2fec494275a1f17140f2eed4de832d4b22e397ab5594f2f1dc5201e9212a8e998ff450acec507f0d68f9c88
Static task
static1
Behavioral task
behavioral1
Sample
53ae04a065c7d89624e604ef7474e22a02cb2d35c40696e3b6844c49261bcbfd.exe
Resource
win7-20220718-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: soss.official2017@yandex.com
Password: troy12345
Targets
-
Target
53ae04a065c7d89624e604ef7474e22a02cb2d35c40696e3b6844c49261bcbfd
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext