General
Target: O00000000876965439.PDF.exe
Size: 684KB
Sample: 220729-fw8ymafban
MD5: 8549da1578244a9e739cd19f5112c831
SHA1: 6f81ecd96bafcc3b2263b123c873ade617e05124
SHA256: 1e35254abf2093f39899b09689d0a17d1bf70829dbae10356a2596eceb85c4c4
SHA512: e3de715841317e5a48afc4b0f03515012a0d58ab335aa69229b62eaaef54f5aae1d92594ad735e28e97c5fb357bfd0ea4073e4dc5249fb2e37a44a533461ad4b
Static task: static1
Behavioral task: behavioral1
Sample: O00000000876965439.PDF.exe
Resource: win7-20220718-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.trambaohanhelectroluxhn.com
Port: 21
Username: LOGGSS2022@suachuaduongongnuoc.net
Password: Wn5b%iX[O%95
Targets
Target: O00000000876965439.PDF.exe
Size: 684KB
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext