General
Target: 5e033870891778609ff43626f637530e93531956256f914396417616058f1641
Size: 970KB
Sample: 220731-1k2emahef4
MD5: e6350b9f4608bae0aab1347846407674
SHA1: 08b77622b00a125e54f2c718eacc1c8f57b40b73
SHA256: 5e033870891778609ff43626f637530e93531956256f914396417616058f1641
SHA512: 009ec32793d3a7b3849f5b3e4da7e0343a3350cf83a79bd4d388e22d0f37fb3793734fb6d0ec6f2406ef1e2b823c5a353c09ae53ac05f3ac943236e577bc215a
Static task: static1
Behavioral task: behavioral1
Sample: 5e033870891778609ff43626f637530e93531956256f914396417616058f1641.exe
Resource (analysis VM image): win7-20220718-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: shijumike@yandex.com
Password: mikeaboyland
This is the exfiltration mailbox hard-coded in the sample (an attacker-controlled account, not a victim credential): stolen data is sent out as e-mail. Port 587 is the mail submission port and is normally used with STARTTLS, so the AUTH exchange and the message body may not be visible in cleartext on the wire; the hostname and port are the reliable network indicators.
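The extracted config gives an analyst everything needed to confirm, in a packet capture of the infected host, whether the sample actually authenticated to that mailbox. The following Python is an added example (not part of the sandbox report or of any sandbox tool): it walks a reconstructed SMTP session, recovers the credentials from a cleartext AUTH LOGIN or AUTH PLAIN exchange, matches them against the extracted account, and flags the common case where STARTTLS hides the exchange. The three session transcripts are constructed from the report's config values, not captured from the sample; the "WIN-7PC" hostname and the server banners are assumptions.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# SMTP exfiltration settings the sandbox extracted from the sample (copied from the report).
EXFIL_CONFIG = {"host": "smtp.yandex.com", "port": 587,
                "username": "shijumike@yandex.com", "password": "mikeaboyland"}

@dataclass
class SmtpAuth:
    mechanism: str   # "LOGIN" or "PLAIN"
    username: str
    password: str

@dataclass
class SessionFindings:
    starttls: bool            # client issued STARTTLS; everything after it is encrypted on the wire
    auth: Optional[SmtpAuth]  # credentials recovered from a cleartext AUTH exchange, if any

def _b64(token: str) -> str:
    return base64.b64decode(token, validate=True).decode("utf-8", "replace")

def inspect_smtp_session(lines: List[Tuple[str, str]]) -> SessionFindings:
    """Walk a reconstructed SMTP session given as ("C"|"S", line) tuples (e.g. a follow-stream
    from a pcap) and recover the credentials from the first cleartext AUTH LOGIN/PLAIN exchange."""
    client = [text.strip() for side, text in lines if side == "C"]
    for i, line in enumerate(client):
        if line.upper() == "STARTTLS":
            return SessionFindings(True, None)   # TLS handshake follows; no cleartext AUTH to see
        m = re.match(r"AUTH\s+(LOGIN|PLAIN)(?:\s+(\S+))?$", line, re.IGNORECASE)
        if not m:
            continue
        mech, initial = m.group(1).upper(), m.group(2)
        try:
            if mech == "PLAIN":
                # RFC 4616: base64("authzid\0authcid\0password"), inline or on the next client line
                parts = base64.b64decode(initial or client[i + 1], validate=True).split(b"\x00")
                if len(parts) != 3:
                    continue
                return SessionFindings(False, SmtpAuth("PLAIN", parts[1].decode("utf-8", "replace"),
                                                       parts[2].decode("utf-8", "replace")))
            # AUTH LOGIN: username then password, each base64 on its own client line; the username
            # may instead ride along as an initial response on the AUTH line itself
            if initial:
                user, pw = _b64(initial), _b64(client[i + 1])
            else:
                user, pw = _b64(client[i + 1]), _b64(client[i + 2])
            return SessionFindings(False, SmtpAuth("LOGIN", user, pw))
        except (IndexError, ValueError):
            continue   # truncated or malformed exchange; keep scanning
    return SessionFindings(False, None)

def matches_exfil_account(findings: SessionFindings, config=EXFIL_CONFIG) -> bool:
    """True when the session authenticated as the account hard-coded in the sample."""
    return findings.auth is not None and findings.auth.username.lower() == config["username"].lower()

def _b64s(s: str) -> str:
    return base64.b64encode(s.encode()).decode()

# Constructed transcripts (built here from the report's config values, not captured from the sample).
SAMPLE_SESSIONS = {
    # Cleartext AUTH LOGIN: the exchange the extracted credentials would produce without STARTTLS
    "login": [
        ("S", "220 smtp.yandex.com ESMTP"), ("C", "EHLO WIN-7PC"),
        ("S", "250-smtp.yandex.com"), ("S", "250 AUTH LOGIN PLAIN"),
        ("C", "AUTH LOGIN"),
        ("S", "334 VXNlcm5hbWU6"),                      # base64("Username:")
        ("C", _b64s(EXFIL_CONFIG["username"])),         # c2hpanVtaWtlQHlhbmRleC5jb20=
        ("S", "334 UGFzc3dvcmQ6"),                      # base64("Password:")
        ("C", _b64s(EXFIL_CONFIG["password"])),         # bWlrZWFib3lsYW5k
        ("S", "235 2.7.0 Authentication successful"),
        ("C", "MAIL FROM:<shijumike@yandex.com>"),
    ],
    # AUTH PLAIN with the initial response inline
    "plain": [
        ("C", "EHLO WIN-7PC"), ("S", "250 AUTH LOGIN PLAIN"),
        ("C", "AUTH PLAIN " + _b64s("\0" + EXFIL_CONFIG["username"] + "\0" + EXFIL_CONFIG["password"])),
        ("S", "235 2.7.0 Authentication successful"),
    ],
    # What a capture of a real port-587 submission usually shows: STARTTLS, then ciphertext
    "starttls": [
        ("C", "EHLO WIN-7PC"), ("S", "250-smtp.yandex.com"), ("S", "250 STARTTLS"),
        ("C", "STARTTLS"), ("S", "220 2.0.0 Ready to start TLS"),
    ],
}

if __name__ == "__main__":
    for name, session in SAMPLE_SESSIONS.items():
        f = inspect_smtp_session(session)
        print(name, "STARTTLS" if f.starttls else "", f.auth, "EXFIL ACCOUNT" if matches_exfil_account(f) else "")
```

When the session shows STARTTLS, the function deliberately returns no credentials rather than guessing: at that point the analyst should fall back to DNS queries and TLS SNI for smtp.yandex.com, or to the sandbox's own extracted config, to tie the connection to this sample.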
Targets
Target: 5e033870891778609ff43626f637530e93531956256f914396417616058f1641
Size: 970KB
MD5: e6350b9f4608bae0aab1347846407674
SHA1: 08b77622b00a125e54f2c718eacc1c8f57b40b73
SHA256: 5e033870891778609ff43626f637530e93531956256f914396417616058f1641
SHA512: 009ec32793d3a7b3849f5b3e4da7e0343a3350cf83a79bd4d388e22d0f37fb3793734fb6d0ec6f2406ef1e2b823c5a353c09ae53ac05f3ac943236e577bc215a
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft: family tag for samples that bundle NirSoft's legitimate password-recovery utilities and repurpose them for credential theft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution: launches the legitimate Microsoft Visual Basic compiler (vbc.exe); together with the SetThreadContext signature below this is consistent with the payload running inside that signed host process rather than in the dropped file itself
- Accesses Microsoft Outlook accounts: reads stored Outlook account settings (credential theft)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: writing another thread's context is the primitive used by process hollowing and thread hijacking
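The signatures above (a compiler binary used as the execution host, an external IP lookup, and SMTP exfiltration to the extracted host) combine into a host-side detection that does not depend on the sample's hash. The following Python is an added example, not part of the sandbox report or of any sandbox tool: it evaluates Sysmon-style Event ID 3 (network connection) records and alerts when a Microsoft developer binary talks to a mail port or an IP-lookup service, or when any non-mail-client process reaches the extracted SMTP host. The list of developer binaries, the IP-lookup hosts, the mail-client allow list, and the event records are illustrative assumptions constructed for the example; the IP addresses are from the RFC 5737 documentation range.

```python
import ntpath
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Hollowing targets: signed Microsoft developer binaries with no reason to reach mail servers.
# Illustrative list (assumption, not from the report); vbc.exe is the Visual Basic compiler
# behind the "Uses the VBS compiler for execution" signature.
DEV_BINARIES = {"vbc.exe", "csc.exe", "regasm.exe", "regsvcs.exe", "msbuild.exe", "installutil.exe"}
MAIL_PORTS = {25, 465, 587}
# Public IP-lookup services the "Looks up external IP address via web service" signature could
# fire on (illustrative; the report does not say which one the sample used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
# The SMTP host extracted from the sample's config.
EXFIL_SMTP_HOST = "smtp.yandex.com"
# Processes for which a connection to a mail server is expected (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    destination: str

def evaluate_connection(event: Dict) -> List[Alert]:
    """Apply the three rules to one Sysmon Event ID 3 (network connection) record."""
    if event.get("EventID") != 3:
        return []
    image = ntpath.basename(event["Image"]).lower()   # ntpath: Windows paths, whatever OS the analyst runs
    host = (event.get("DestinationHostname") or "").lower()
    port = int(event["DestinationPort"])
    dest = f"{host or event.get('DestinationIp')}:{port}"
    alerts = []
    if image in DEV_BINARIES and port in MAIL_PORTS:
        alerts.append(Alert("dev_binary_to_mail_port", image, dest))
    if image in DEV_BINARIES and host in IP_LOOKUP_HOSTS:
        alerts.append(Alert("dev_binary_external_ip_lookup", image, dest))
    if host == EXFIL_SMTP_HOST and image not in MAIL_CLIENTS:
        alerts.append(Alert("connection_to_extracted_exfil_host", image, dest))
    return alerts

def scan(events: Iterable[Dict]) -> List[Alert]:
    """Evaluate a stream of events and return every alert raised."""
    return [alert for event in events for alert in evaluate_connection(event)]

# Constructed Sysmon-style records (not from the sandbox run), shaped like Event ID 3 fields.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443, "DestinationHostname": "api.ipify.org"},
    {"EventID": 3, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "DestinationIp": "203.0.113.25", "DestinationPort": 587, "DestinationHostname": "smtp.yandex.com"},
    # A real mail client using the same submission server: only the dev-binary rules should stay quiet here
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationIp": "203.0.113.25", "DestinationPort": 587, "DestinationHostname": "smtp.yandex.com"},
    # A browser visiting an IP-lookup site is benign
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443, "DestinationHostname": "api.ipify.org"},
    # A process-creation event is ignored by these connection rules
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert.rule}: {alert.image} -> {alert.destination}")
```

The first two rules are the durable ones: they key on behaviour (a compiler process doing network I/O it never legitimately does) and survive the attacker rotating the exfiltration mailbox, while the third rule ages with the extracted config and should be treated as a short-lived indicator.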