General
- Target: 5c0084e20443bfc9d722383b39106943e2927c83b5feb300454cf961ef95bc61
- Size: 677KB
- Sample: 220801-td9n4adbgj
- MD5: 07f07d45f11b4e119355fc64bad4db8e
- SHA1: 98bfffbf427fb8b370fc6fceb02c7440b8edc721
- SHA256: 5c0084e20443bfc9d722383b39106943e2927c83b5feb300454cf961ef95bc61
- SHA512: 36a1b5e2689388609461874e71d36af0acfe088da41251e4c9d453558593c4bf1856855a65b52cc4542a8f4014f660ea04a56230b301701b97095083081fdd09
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 5c0084e20443bfc9d722383b39106943e2927c83b5feb300454cf961ef95bc61.exe
  - Resource: win7-20220718-en
Behavioral task
- behavioral2
  - Sample: 5c0084e20443bfc9d722383b39106943e2927c83b5feb300454cf961ef95bc61.exe
  - Resource: win10v2004-20220721-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: danielrazi@zoho.com
- Password: paparaziraziboi
Targets
- Target: 5c0084e20443bfc9d722383b39106943e2927c83b5feb300454cf961ef95bc61
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext