General
Target: d131e76b94ca9e449e9c8e6c4d0bd25be85eda6801cfab70be5ad55c3acc8c5e
Size: 580KB
Sample: 221001-28dtxacfgn
MD5: 4abef405242feeca863440aa9fe0fab0
SHA1: 7dbf59ec9f17ca4ae897696d5f3257d18cfc6d59
SHA256: d131e76b94ca9e449e9c8e6c4d0bd25be85eda6801cfab70be5ad55c3acc8c5e
SHA512: 66ba8b09059fc92f9c28f652c67590d02fa27c8e5c45dbefc9f222640ce5518ab59b4e3c91b9fbfeaf5b5e86cdf560e1569ab507a1209982aeec3f2a9ef09c2c
SSDEEP: 12288:viLnAi+WNwk4+QxvDU0Ce/jydFuwm0TJKIt/oLF4uIky:vWAiHF4+QZDU0ZjydFjj1KIZoLF4uq
Static task: static1
Behavioral task: behavioral1 (Sample: INV209110.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: INV209110.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: globelegoa@gmail.com
Password: jolin4all
Targets
Target: INV209110.exe
Size: 624KB
MD5: 7102e1e2f90c4de07b4cb3c4731e32de
SHA1: 74d490ddbc23fab9ca8585207bb57a37c3ff7ab1
SHA256: 59c75bcaf6850e4353ca7e7b0531be4d38920234d9b6dfc6f102a820a179fc20
SHA512: 6ace7bd661d5715fedf5cde374ea892f5a4929a582d3517ce4d3ab20d1cdb81edf9e7fd0ba2946c98399c459ded6e2925305027f960ffc2a2b624b55742f2e99
SSDEEP: 12288:qbG3ouwHVAP4IFYxUSsO8IGIi5svmIie8dK5/3k1QVbW5/Eo+K/5smpB:qSoH1e46YoI85suIieMK5Pk1Qq9Eo+ab
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext