General

Target: ac6e643d7a21b7bdc79a749aabc30d7c54fc02e08a7a6a40ce71d472e3611105
Size: 756KB
Sample: 221003-a6y9aahef9
MD5: 3ebe850377e3258d0b8f63e2d2f1cb30
SHA1: 0a93afbf0a1684c140e159dcda1f1b7336501d59
SHA256: ac6e643d7a21b7bdc79a749aabc30d7c54fc02e08a7a6a40ce71d472e3611105
SHA512: 22ff7581945abed82b22428276bc1a0e9fb96f5b854b4651a8a7ad0321c6c70787134056ce4181c4cd0f299944b4a7a2cb3736966d566b4937777c8a7929298e
SSDEEP: 12288:I3qBtw2tZ/gDOiWzZx8U9tzLqUTODF/9hKBycUzGpgvFtb7lgZ:I3qLptZIAkoh4ZnHTSZ
Static task: static1

Behavioral task: behavioral1
  Sample: ac6e643d7a21b7bdc79a749aabc30d7c54fc02e08a7a6a40ce71d472e3611105.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: ac6e643d7a21b7bdc79a749aabc30d7c54fc02e08a7a6a40ce71d472e3611105.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted
  Protocol: smtp
  Host: smtp.gmail.com
  Port: 587
  Username: danologa2@gmail.com
  Password: gzccetvqpmnidjbp

Extracted
  Protocol: ftp
  Host: ftp.freehostia.com
  Port: 21
  Username: danlog908
  Password: dan123
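The two extracted entries are the operator's drop accounts (an SMTP mailbox and an FTP account) to which a stealer of this kind sends harvested data; they are not victim credentials. For an analyst the useful follow-up is to turn them into network indicators and sweep egress logs. The script below is an added example, not part of the sandbox report, and it assumes a constructed egress-proxy log format (`<timestamp> <src_host> <dst_host>:<port> <proto> user=<account>`); the log lines are invented. It treats smtp.gmail.com as shared infrastructure, so a connection there only becomes a high-confidence hit when the extracted username authenticates, while any contact with the attacker-specific FTP host is flagged on its own.

```python
"""Match network evidence against the exfiltration configuration extracted from
the sample (SMTP drop account on smtp.gmail.com:587, FTP drop account on
ftp.freehostia.com:21). Log lines below are constructed for this example."""
import re
from dataclasses import dataclass

# Exfiltration endpoints and account names recovered from the sample's config.
EXTRACTED_CONFIG = [
    {"protocol": "smtp", "host": "smtp.gmail.com", "port": 587, "username": "danologa2@gmail.com"},
    {"protocol": "ftp", "host": "ftp.freehostia.com", "port": 21, "username": "danlog908"},
]

# Hosts legitimate software also talks to: a bare connection is only a weak signal.
SHARED_INFRASTRUCTURE = {"smtp.gmail.com"}

# Constructed egress-proxy lines (format assumed for this example):
# <timestamp> <src_host> <dst_host>:<dst_port> <proto> user=<account-or-->
SAMPLE_LOG = """\
2022-10-03T09:12:01Z ws-041 smtp.gmail.com:587 smtp user=alice@example.org
2022-10-03T09:12:44Z ws-017 ftp.freehostia.com:21 ftp user=danlog908
2022-10-03T09:13:02Z ws-017 smtp.gmail.com:587 smtp user=danologa2@gmail.com
2022-10-03T09:15:30Z ws-022 ftp.freehostia.com:21 ftp user=-
2022-10-03T09:16:10Z ws-009 mail.example.org:587 smtp user=bob@example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\S+) user=(?P<user>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    timestamp: str
    source: str
    indicator: str  # which extracted endpoint matched
    severity: str   # "high" or "low"


def classify(dst, port, proto, user):
    """Return (indicator, severity) if the connection matches an extracted endpoint, else None."""
    for entry in EXTRACTED_CONFIG:
        if dst != entry["host"] or port != entry["port"] or proto != entry["protocol"]:
            continue
        indicator = f'{entry["protocol"]}://{entry["host"]}:{entry["port"]}'
        if user == entry["username"]:
            return indicator, "high"  # the operator's drop account authenticated from inside the network
        if dst in SHARED_INFRASTRUCTURE:
            return indicator, "low"   # e.g. a normal Gmail user; record it, do not alert on it alone
        return indicator, "high"      # attacker-specific host: contact alone is suspicious
    return None


def scan(log_text):
    """Parse the proxy log and return every line that matches the extracted config."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        result = classify(m["dst"], int(m["port"]), m["proto"], m["user"])
        if result:
            hits.append(Hit(m["ts"], m["src"], result[0], result[1]))
    return hits


def infected_hosts(hits):
    """Source hosts with at least one high-severity hit, i.e. candidates for isolation."""
    return sorted({h.source for h in hits if h.severity == "high"})


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h)
    print("likely infected:", infected_hosts(found))
```

In the constructed log, ws-041's ordinary Gmail session is recorded as a low-severity hit, while ws-017 (FTP login as danlog908, then SMTP login as the drop mailbox) and ws-022 (any contact with ftp.freehostia.com) come back as hosts to isolate.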
Targets

Target: ac6e643d7a21b7bdc79a749aabc30d7c54fc02e08a7a6a40ce71d472e3611105 (756KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures triggered:
- NirSoft MailPassView (tag: Nirsoft): password recovery tool for various email clients. Embedded in a sample like this one it is a credential harvester, not a recovery utility.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file: writes a file into a Startup folder so that it runs at logon.
- Uses the VBS compiler for execution: launches vbc.exe, the Microsoft-signed Visual Basic compiler, typically as a host process for injected code.
- Accesses Microsoft Outlook accounts: reads stored Outlook account data, consistent with the embedded MailPassView.
- Adds Run key to start application: writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) for persistence.
- Suspicious use of SetThreadContext: rewrites another thread's execution context, a step characteristic of process hollowing and related injection techniques.
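Four of the signatures above leave traces that endpoint telemetry records: the Run key write, the Startup-folder drop, the vbc.exe launch from an unexpected parent, and the process access needed to inject into it (Sysmon logs the process-handle rights, not the SetThreadContext call itself, so that part is a heuristic). The script below is an added example, not part of the report; the events are constructed in Sysmon's field naming (event IDs 1, 10, 11 and 13), the file paths, PIDs and the `DEVELOPER_PARENTS` allow-list are assumptions, and the sample path `sample.exe` stands in for the SHA256-named executable.

```python
"""Host-side triage for the behaviours the sandbox flagged: Run-key persistence,
a dropped Startup-folder file, vbc.exe used as an execution host, and process
access consistent with injection. Events below are constructed, Sysmon-style."""
import re

SAMPLE = r"C:\Users\dan\AppData\Local\Temp\sample.exe"  # assumed path of the analysed executable
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Constructed events; field names follow Sysmon, values are invented for this example.
EVENTS = [
    {"id": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe", "ProcessId": 4120},
    {"id": 13, "ProcessId": 4120,  # RegistryEvent (value set): Run key persistence
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\dan\AppData\Roaming\WindowsUpdate.exe"},
    {"id": 11, "ProcessId": 4120,  # FileCreate: startup file dropped
     "TargetFilename": r"C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.vbs"},
    {"id": 1, "Image": VBC, "ParentImage": SAMPLE, "ProcessId": 4188},  # ProcessCreate: vbc.exe child
    {"id": 10, "SourceProcessId": 4120, "TargetProcessId": 4188,  # ProcessAccess: sample opens vbc.exe
     "TargetImage": VBC, "GrantedAccess": 0x1FFFFF},
    # Benign noise: a build tool invoking the compiler for its real purpose.
    {"id": 1, "Image": VBC, "ParentImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "ProcessId": 5000},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
DEVELOPER_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe"}  # expected launchers of vbc.exe (assumed)
PROCESS_CREATE_THREAD = 0x0002  # handle rights an injector needs on the child process
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_WRITE


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_findings(events):
    """Return (kind, pid, detail) tuples for every event matching one of the flagged behaviours."""
    findings = []
    for e in events:
        if e["id"] == 13 and RUN_KEY.search(e["TargetObject"]):
            findings.append(("run_key_persistence", e["ProcessId"], e["Details"]))
        elif e["id"] == 11 and STARTUP_DIR.search(e["TargetFilename"]):
            findings.append(("startup_folder_drop", e["ProcessId"], e["TargetFilename"]))
        elif e["id"] == 1 and basename(e["Image"]) == "vbc.exe" \
                and basename(e["ParentImage"]) not in DEVELOPER_PARENTS:
            findings.append(("vbc_execution_host", e["ProcessId"], e["ParentImage"]))
        elif e["id"] == 10 and basename(e["TargetImage"]) == "vbc.exe" \
                and (e["GrantedAccess"] & INJECT_MASK) == INJECT_MASK:
            findings.append(("injection_into_vbc", e["SourceProcessId"], hex(e["GrantedAccess"])))
    return findings


def suspicious_processes(events):
    """PIDs that combine two or more behaviours: persistence plus injection is the report's picture."""
    by_pid = {}
    for kind, pid, _ in find_findings(events):
        by_pid.setdefault(pid, set()).add(kind)
    return {pid: sorted(kinds) for pid, kinds in by_pid.items() if len(kinds) >= 2}


if __name__ == "__main__":
    for finding in find_findings(EVENTS):
        print(finding)
    print(suspicious_processes(EVENTS))
```

Each rule on its own produces noise (installers write Run keys, build servers run vbc.exe); requiring two distinct behaviours from the same PID is what separates the sample's process from the MSBuild-launched compiler in the constructed data.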