General
Target: 5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
Size: 1018KB
Sample: 220802-a37fgsbha4
MD5: 2933735ffb865073c2b817e16c631a86
SHA1: 90888d8cb8be66f087d3ffc48fbd30b815bb7bdf
SHA256: 5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
SHA512: 168a98aedeaff9a9de0f919f10afb456a76667e2eea375123860edf86390a23441d299e842cc42b42c9424b754460c64f2c02618e364bb84ba5f31e73aa0f072
Static task: static1
Behavioral task: behavioral1
Sample: 5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: devidochiboy@vivaldi.net
Password: qwerty#$12rt
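The extracted config is enough to recognise this sample's exfiltration on the wire. The following is an added example, not part of the report or of the sandbox's own tooling: it encodes the extracted username and password the way SMTP AUTH LOGIN and AUTH PLAIN carry them, and scans a session transcript for either form. The transcript, the DESKTOP-SANDBOX client name and all function names are constructed for illustration; the host, port, username and password are the report's values.

```python
"""Added example (not part of the sandbox report): check a captured SMTP
session for the credentials the report extracted from this sample.

The transcript below is constructed; the host, port, username and password
are the values from the report's Malware Config block.
"""
import base64

EXFIL_HOST = "smtp.vivaldi.net"          # from the extracted config
EXFIL_PORT = 587
EXFIL_USER = "devidochiboy@vivaldi.net"
EXFIL_PASS = "qwerty#$12rt"

# Constructed transcript of a submission session that never upgrades to TLS.
# "C:" lines are client to server, "S:" lines are server to client. With
# AUTH LOGIN the client answers two 334 challenges with base64(user) and
# base64(password): encoded, not encrypted, so a sensor on the wire can read them.
SAMPLE_SESSION = """\
S: 220 smtp.vivaldi.net ESMTP ready
C: EHLO DESKTOP-SANDBOX
S: 250-smtp.vivaldi.net
S: 250-STARTTLS
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: ZGV2aWRvY2hpYm95QHZpdmFsZGkubmV0
S: 334 UGFzc3dvcmQ6
C: cXdlcnR5IyQxMnJ0
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<devidochiboy@vivaldi.net>
""".splitlines()


def auth_login_tokens(user, password):
    """The two base64 tokens a client sends for AUTH LOGIN (usable as grep strings)."""
    def enc(s):
        return base64.b64encode(s.encode()).decode()
    return enc(user), enc(password)


def auth_plain_token(user, password):
    """The single token sent for AUTH PLAIN: base64(NUL + user + NUL + password)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def _b64_text(token):
    """Decode one SASL token; anything that is not valid base64/UTF-8 decodes to ''."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return ""


def scan_session(lines, user=EXFIL_USER, password=EXFIL_PASS):
    """Walk the client lines of a transcript and report whether `user` and
    `password` were sent in the clear, and under which SASL mechanism.

    If the client issues STARTTLS before AUTH the rest of the capture is
    ciphertext, so scanning stops and starttls_used is set: in that case hunt
    for the server name in DNS or the TLS SNI instead of the credentials.
    """
    result = {"starttls_used": False, "mechanism": None,
              "user_seen": False, "password_seen": False}
    pending = None  # which AUTH LOGIN answer the next client line should be
    for line in lines:
        side, sep, text = line.partition(":")
        if not sep or side.strip() != "C":
            continue
        text = text.strip()
        upper = text.upper()
        if upper == "STARTTLS":
            result["starttls_used"] = True
            break
        if upper == "AUTH LOGIN":
            result["mechanism"] = "LOGIN"
            pending = "user"
        elif upper.startswith("AUTH PLAIN "):
            result["mechanism"] = "PLAIN"
            # PLAIN payload is authzid NUL authcid NUL password
            parts = _b64_text(text.split(None, 2)[2]).split("\0")
            if len(parts) == 3:
                result["user_seen"] = parts[1] == user
                result["password_seen"] = parts[2] == password
        elif pending == "user":
            result["user_seen"] = _b64_text(text) == user
            pending = "password"
        elif pending == "password":
            result["password_seen"] = _b64_text(text) == password
            pending = None
    return result


if __name__ == "__main__":
    print(auth_login_tokens(EXFIL_USER, EXFIL_PASS))
    print(scan_session(SAMPLE_SESSION))
```

Port 587 is the submission port, and most clients upgrade with STARTTLS before authenticating; if this sample does, the credentials are only visible in the sandbox's API trace, and a network sensor has to fall back to DNS queries or the TLS SNI for smtp.vivaldi.net. Whether the AUTH exchange appears in clear is therefore the first thing to check in the behavioural task's pcap.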
Targets
Target: 5b2acc95cb4ff1f813a5f60e61899d61823ce4433e5a6c0e4d70ca9deac052ff
NirSoft MailPassView: password recovery tool for various email clients
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Nirsoft
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
Suspicious use of SetThreadContext
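Read together, the signatures describe an order of events rather than isolated hits: the sample reads the configured country code (a geofence check), asks a web service for its public IP, and then talks to the SMTP account from the config; the VBS-compiler and SetThreadContext signatures together are consistent with process hollowing, an inference, since the report only lists the two signatures. As an added example that is not part of the report or of the sandbox's signature engine, the Python below encodes those two sequences as ordered detection chains and runs them over a constructed API trace. Everything not stated on the page is an assumption: the `<pid> <api> <argument>` trace format, HKCU\Control Panel\International\Geo\Nation as the country-code value, iplookup.example standing in for the unnamed IP service, vbc.exe as the compiler binary, and all function names.

```python
r"""Added example (not part of the sandbox report or its signature engine):
turn the report's behavioural signatures into two ordered detection chains
and run them over a constructed API trace.

Assumptions the report does not state: the trace format "<pid> <api> <argument>",
HKCU\Control Panel\International\Geo\Nation as the country-code value,
iplookup.example as a stand-in for the IP lookup service, and vbc.exe as the
"VBS compiler" binary.
"""
import re
from collections import defaultdict

EXFIL_HOST = "smtp.vivaldi.net"                 # from the extracted config
SUBMISSION_PORTS = {25, 465, 587}
IP_LOOKUP_HOSTS = {"iplookup.example"}          # constructed placeholder (assumption)
GEO_KEY = r"\control panel\international\geo"   # assumed key holding the country code

# A chain only counts a stage when it is the next one expected, so a process
# that merely opens an SMTP connection, or merely reads its locale, does not fire.
EXFIL_STAGES = ("geofence", "ip_lookup", "smtp")
HOLLOW_STAGES = ("create_suspended", "write_memory", "set_thread_context", "resume")

# Constructed trace: the parent hollows a suspended child; the payload in the
# child checks the country code, resolves its public IP and opens SMTP.
SAMPLE_TRACE = r"""
1234 CreateProcessW vbc.exe flags=CREATE_SUSPENDED pid=5678
1234 WriteProcessMemory pid=5678
1234 SetThreadContext pid=5678
1234 ResumeThread pid=5678
5678 RegOpenKeyExW HKEY_CURRENT_USER\Control Panel\International\Geo
5678 RegQueryValueExW Nation
5678 InternetOpenUrlW http://iplookup.example/ip
5678 connect smtp.vivaldi.net:587
""".strip().splitlines()

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s*(.*)$")
PID_RE = re.compile(r"\bpid=(\d+)")
HOST_RE = re.compile(r"^(?:\w+://)?([^/:\s]+)")


def parse(line):
    """'<pid> <api> <argument>' -> (pid, api, argument), or None for junk."""
    m = LINE_RE.match(line.strip())
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None


def _advance(progress, key, stages, stage):
    """Advance key's chain only if `stage` is the next expected one; True once complete."""
    idx = progress[key]
    if idx < len(stages) and stages[idx] == stage:
        progress[key] = idx + 1
    return progress[key] == len(stages)


def exfil_stage(pid, api, arg, geo_opened):
    """Map one event to a stage of the geofence -> IP lookup -> SMTP chain."""
    if api == "RegOpenKeyExW" and arg.lower().endswith(GEO_KEY):
        geo_opened.add(pid)
    elif api == "RegQueryValueExW" and arg == "Nation" and pid in geo_opened:
        return "geofence"
    elif api in ("InternetOpenUrlW", "WinHttpConnect"):
        m = HOST_RE.match(arg)
        if m and m.group(1) in IP_LOOKUP_HOSTS:
            return "ip_lookup"
    elif api == "connect":
        host, _, port = arg.rpartition(":")
        if host == EXFIL_HOST and port.isdigit() and int(port) in SUBMISSION_PORTS:
            return "smtp"
    return None


def hollow_stage(api, arg):
    """Map one event to a stage of the hollowing chain, keyed by the target pid."""
    m = PID_RE.search(arg)
    if not m:
        return None, None
    target = int(m.group(1))
    if api == "CreateProcessW" and "CREATE_SUSPENDED" in arg:
        return target, "create_suspended"
    return target, {"WriteProcessMemory": "write_memory",
                    "SetThreadContext": "set_thread_context",
                    "ResumeThread": "resume"}.get(api)


def analyse(trace):
    """Return the pids that completed each chain, in the order they completed."""
    exfil, hollow, geo_opened = defaultdict(int), defaultdict(int), set()
    hits = {"exfil_chain": [], "hollowed": []}
    for line in trace:
        ev = parse(line)
        if ev is None:
            continue
        pid, api, arg = ev
        stage = exfil_stage(pid, api, arg, geo_opened)
        if stage and _advance(exfil, pid, EXFIL_STAGES, stage) and pid not in hits["exfil_chain"]:
            hits["exfil_chain"].append(pid)
        target, stage = hollow_stage(api, arg)
        if stage and _advance(hollow, target, HOLLOW_STAGES, stage) and target not in hits["hollowed"]:
            hits["hollowed"].append(target)
    return hits


if __name__ == "__main__":
    print(analyse(SAMPLE_TRACE))
```

Dropping the `host == EXFIL_HOST` test generalises the second chain to any process that geofences, looks up its public IP and then opens a mail submission port, which catches the behaviour when the operator rotates the SMTP account; the hollowing chain is keyed on the child pid so the parent's own API calls never count towards it.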