General
- Target: E1418893649007.PDF.exe
- Size: 1.1MB
- Sample: 220801-j58wrsfebn
- MD5: 21491189acd58edf2ffcc5829abbb7a6
- SHA1: 97439584bd72e0ea470085983cf18a02581b76b4
- SHA256: 712e38d6f7ec0cb09be6fea727a3748b2de1c7c8286b33bb227f68dca34b6073
- SHA512: 0f0cb57475a5ba07f00c8993febec95cb953b4d1b5f13229db9463e81e4cf584d15b8b1d58a3ffafb459baf0b67dda46efdb445b128ed0470784faef6b8cd716
Static task: static1
Behavioral task: behavioral1
- Sample: E1418893649007.PDF.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.trambaohanhelectroluxhn.com
- Port: 21
- Username: LOGGSS2022@suachuaduongongnuoc.net
- Password: Wn5b%iX[O%95
Targets
- Target: E1418893649007.PDF.exe (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext