General
Target: 1f678d0c4b5990486f085f468820c427461a7f3a60f9909b19775d6950b967a4
Size: 601KB
Sample: 221003-bxvp6safg2
MD5: 505ad36196d531d69ddd25d7a6fa89f0
SHA1: 8fe9dddb87b01531212c2b893d55b7fd67eaf6d8
SHA256: 1f678d0c4b5990486f085f468820c427461a7f3a60f9909b19775d6950b967a4
SHA512: 06f30ecb334e28960de41b8f4071932f17e5a88cd80fe2b25d374b0f9bd76a0f8e68bea12dffea3550d86795ed62aa3bbed4514c40a86e3f5031a6c971ae318e
SSDEEP: 12288:0eQRGw4W1xZ++u9YixSRsGFV4ljdw8h2qCEkT:0bRG/W1xZ+J9pSCM4lJ
Static task: static1
Behavioral task: behavioral1
Sample: 1f678d0c4b5990486f085f468820c427461a7f3a60f9909b19775d6950b967a4.exe
Resource: win7-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: crissunslogs@gmail.com
Password: samsung05@@@
Targets
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext