General
-
Target
dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9
-
Size
473KB
-
Sample
220830-fwthyaccap
-
MD5
18e1a962b365f75f8c7e7b3b1985f2a2
-
SHA1
6672f2dde2660b905c9c96c1042035819fc06408
-
SHA256
dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9
-
SHA512
e98cb0e0fe2c0e4d0e2534f4f331e238cb3a3f80f772c4dc97d539346fa6d6a51b2d8c48320b0fd8452b5101ee1820a65ced1eee8f9c5d9a24e3c575f8418891
-
SSDEEP
12288:EPXqahuwJqPbKWA7FtUhUopAbm6rkpBcZvmbEAhQy:W6aGKTFKhrpWm6rFvWEAKy
Static task
static1
Behavioral task
behavioral1
Sample
dd7526e78e317b1bd3873e2536a6e87932f140743c89e80b4f99abf522e6c3f9.exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.tasdanlar.com.tr
Port: 21
Username: kizzy01@tasdanlar.com.tr
Password: T,N-5SD@]@26
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-