General
-
Target
88f997f18f256c0fe430a3e67985240658df23d91515f35fb892c1d351e66225
-
Size
660KB
-
Sample
221003-b8py3acgan
-
MD5
382fe2ae4b65151d54c8e2cdb68d81f0
-
SHA1
8912bfa32dc04915bdd67feba30f5fc36c67ec94
-
SHA256
88f997f18f256c0fe430a3e67985240658df23d91515f35fb892c1d351e66225
-
SHA512
e403034c84a3429559e0adc954aa9d3ba764aacab5d41e9f315eac3e572d7efd7b9bb32313ba84216d7e2129b444ce8a6d4e6a6db936fe3856cac043b7db1480
-
SSDEEP
12288:npT05KzSyeAk9i3eWfqaAFHBeb/4CxSbWgb+ov5DOGr0U/PkYKDO:np4yeAwi3RfqaOHEbwC0bWgaovNdYUHx
Static task
static1
Behavioral task
behavioral1
Sample
88f997f18f256c0fe430a3e67985240658df23d91515f35fb892c1d351e66225.exe
Resource
win7-20220901-en
Malware Config
Extracted
-
Protocol
smtp
-
Host
smtp.gmail.com
-
Port
587
-
Username
nofoozgaraan@gmail.com
-
Password
BadbakhtBichare
Targets
-
Target
88f997f18f256c0fe430a3e67985240658df23d91515f35fb892c1d351e66225
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-