General
-
Target
5d1d38200eb44e745b6644e26cff26267dd2a44b15e155c482d9543fcf1d42da
-
Size
793KB
-
Sample
220801-dn88bahbbq
-
MD5
ca0501efa7f66ff693f7de8e3cea4a1f
-
SHA1
08d67bef613664e7a34ba46a29aa6a5a96991d79
-
SHA256
5d1d38200eb44e745b6644e26cff26267dd2a44b15e155c482d9543fcf1d42da
-
SHA512
f7d90ea928dcfdbc004039a34d924477f88ea00ea0d94823a8b5434e235941e8d91918c0d2703a725abcf5083620e4a6229c22c5459cdf0c6762646d1f6d8bb2
Static task
static1
Behavioral task
behavioral1
Sample
5d1d38200eb44e745b6644e26cff26267dd2a44b15e155c482d9543fcf1d42da.exe
Resource
win7-20220718-en
Malware Config
Extracted
Protocol
smtp
-
Host
smtp.yandex.com
-
Port
587
-
Username
jackiemensah@yandex.com
-
Password
unlimitedmoney1812
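The extracted configuration is the most actionable item in this report: the sample sends harvested credentials over SMTP submission (TCP 587) to a mailbox on a public provider, so the hostname alone is a weak indicator (legitimate mail clients use the same server) and detection has to pivot on which process opens the connection. The Python below is an added example, not part of the sandbox report: it parses a Triage-style "Extracted" block (both the one-field-per-line form and the run-together form that raw text extraction produces, reproduced as constructed input), validates it, emits shareable indicators without the credential, and runs the result over a few constructed connection records. The record format, the process names and the EXPECTED_SMTP_CLIENTS allowlist are assumptions for illustration only.

```python
import re
from dataclasses import dataclass

# Constructed reproduction of the 'Extracted' block as raw text extraction of a
# Triage report renders it: "Key: value - Key:" pairs run together across
# line breaks, with the first separator missing its leading space.
EXTRACTED_TEXT = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
jackiemensah@yandex.com - Password:
unlimitedmoney1812"""

# The same block in the one-field-per-line form.
EXTRACTED_CLEAN = """Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: jackiemensah@yandex.com
Password: unlimitedmoney1812"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


# " - " separators (possibly missing whitespace) only matter when a "Key:"
# follows; drop them and let whitespace separate the fields.
_SEP = re.compile(r"\s*-\s*(?=[A-Za-z]+:)")
# Keys are single words; a value runs lazily up to the next "Key:" or the end.
_PAIR = re.compile(r"([A-Za-z]+):\s*(.*?)(?=\s+[A-Za-z]+:|$)")
_REQUIRED = ("protocol", "host", "port", "username", "password")


def parse_extracted_config(text: str) -> SmtpExfilConfig:
    flat = " ".join(_SEP.sub(" ", text).split())
    fields = {k.lower(): v.strip() for k, v in _PAIR.findall(flat)}
    missing = [k for k in _REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError(f"config block missing fields: {missing}")
    port = int(fields["port"])
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return SmtpExfilConfig(fields["protocol"].lower(), fields["host"].lower(),
                           port, fields["username"], fields["password"])


def connection_iocs(cfg: SmtpExfilConfig) -> dict:
    """Indicators safe to circulate: the exfil endpoint and the attacker's
    mailbox, deliberately without the credential."""
    return {"protocol": cfg.protocol, "dst_host": cfg.host,
            "dst_port": cfg.port, "account": cfg.username}


# Constructed connection records for the example only, in the shape
# timestamp,process image,destination host,destination port.
SAMPLE_CONNECTIONS = """\
2022-08-01T10:02:11Z,C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe,smtp.yandex.com,587
2022-08-01T10:02:15Z,C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe,smtp.yandex.com,587
2022-08-01T10:03:40Z,C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe,smtp.yandex.com,465
2022-08-01T10:04:02Z,C:\\Windows\\System32\\svchost.exe,update.example.net,443
"""

# Processes expected to speak to a public SMTP submission port. Assumed
# allowlist for the example; tune it to the estate being monitored.
EXPECTED_SMTP_CLIENTS = frozenset({"thunderbird.exe", "outlook.exe"})


def find_exfil_connections(records: str, cfg: SmtpExfilConfig,
                           expected_clients=EXPECTED_SMTP_CLIENTS) -> list:
    """Return connections to the extracted host:port made by anything other
    than an expected mail client. The host alone would also match the user's
    own mail client, so the process image is the discriminating field."""
    hits = []
    for line in records.splitlines():
        if not line.strip():
            continue
        ts, image, host, port = line.split(",")
        # Exact host:port match; a broader rule would also watch 465 and 25.
        if host.lower() != cfg.host or int(port) != cfg.port:
            continue
        exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in expected_clients:
            continue
        hits.append({"time": ts, "image": image, "dst": f"{host}:{port}"})
    return hits


if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_TEXT)
    assert cfg == parse_extracted_config(EXTRACTED_CLEAN)
    print("IOCs:", connection_iocs(cfg))
    for hit in find_exfil_connections(SAMPLE_CONNECTIONS, cfg):
        print("suspect SMTP submission:", hit)
```

The allowlist exists because blocking or alerting on smtp.yandex.com:587 by itself would fire on every user who legitimately submits mail through that provider; the attacker's mailbox (the Username field) is the indicator worth reporting to the provider, and the password belongs in the case file, not in a shared indicator feed.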
Targets
-
Target
5d1d38200eb44e745b6644e26cff26267dd2a44b15e155c482d9543fcf1d42da
-
Size
793KB
-
MD5
ca0501efa7f66ff693f7de8e3cea4a1f
-
SHA1
08d67bef613664e7a34ba46a29aa6a5a96991d79
-
SHA256
5d1d38200eb44e745b6644e26cff26267dd2a44b15e155c482d9543fcf1d42da
-
SHA512
f7d90ea928dcfdbc004039a34d924477f88ea00ea0d94823a8b5434e235941e8d91918c0d2703a725abcf5083620e4a6229c22c5459cdf0c6762646d1f6d8bb2
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-