General
-
Target
83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b
-
Size
958KB
-
Sample
220731-f1f4eabchr
-
MD5
a469bc3854c73406e2c2a533cf60de93
-
SHA1
f3e4070d2f091e44068349e07ffe5532ac1b80b8
-
SHA256
83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b
-
SHA512
02146bd2d7c094e4470e330028c8e9a06d755f0d85aab6eca3426486eb3f478571fbc5bf74489b7439d299f96d438a3d558eacddee82869246dff00c05ac1b3b
Static task
static1
Behavioral task
behavioral1
Sample
83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: jonasfranklin@yandex.com
Password: MEGworld.,
Targets
-
-
Target
83e2a7ad036af18cfadc0a723ce688507f2079f05f20ef3678708f80322c6d5b
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-