General
- Target: eb101016fbb2e91676a00cd9f3ab506fad474ca85eedd7e460cbb40f7702b9fc
- Size: 344KB
- Sample: 221004-dalj4ahfcq
- MD5: 6beacce13c96c66a297d53628aa8fd10
- SHA1: 01243b027905fc2a34ced86d8ea417aa41295da7
- SHA256: eb101016fbb2e91676a00cd9f3ab506fad474ca85eedd7e460cbb40f7702b9fc
- SHA512: b97b3720724dc80b52750e7abe9a7fe4e71875f10303be666cbe00a006f0cc5d81d53ced9657d2b62be341780af3ad25db66f61f10b5ba2d8065e6c748d89424
- SSDEEP: 6144:jLHDC/d44Cvg2bxaMRRIWa+i0cQEWN4peLzkIlsCmi+LUA:/W/d5SxJRIL0lEWmELz8Cmi+LX
Static task: static1
Behavioral task: behavioral1
- Sample: eb101016fbb2e91676a00cd9f3ab506fad474ca85eedd7e460cbb40f7702b9fc.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.mail.ru
- Port: 587
- Username: ahmed.khan.80@mail.ru
- Password: ogechukwu234
Targets
- Target: eb101016fbb2e91676a00cd9f3ab506fad474ca85eedd7e460cbb40f7702b9fc
  Size: 344KB
  MD5: 6beacce13c96c66a297d53628aa8fd10
  SHA1: 01243b027905fc2a34ced86d8ea417aa41295da7
  SHA256: eb101016fbb2e91676a00cd9f3ab506fad474ca85eedd7e460cbb40f7702b9fc
  SHA512: b97b3720724dc80b52750e7abe9a7fe4e71875f10303be666cbe00a006f0cc5d81d53ced9657d2b62be341780af3ad25db66f61f10b5ba2d8065e6c748d89424
  SSDEEP: 6144:jLHDC/d44Cvg2bxaMRRIWa+i0cQEWN4peLzkIlsCmi+LUA:/W/d5SxJRIL0lEWmELz8Cmi+LX
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext