General
- Target: 4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d
- Size: 744KB
- Sample: 221122-yebwnsac81
- MD5: 2a5c407e1e79a2291a6920a023eac0c3
- SHA1: 7ac9bab12fd48ae21f59cdef5bb8e4fdb99f6f89
- SHA256: 4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d
- SHA512: 5204916f50def7bcefebcb2dd33410e7af7ed952f64a3ad2da9cc495be85813d055692d3b469eb5094c0938ecc04d5f70bd9541e9ff824a76c3369661cbd6705
- SSDEEP: 12288:8hvk3gqRvyIF0uR5vWPz6qQrKfDT3BwhmlI8Aq:gXOWL7zAq
Static task: static1
Behavioral task: behavioral1
- Sample: 4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.strato.com
- Port: 21
- Username: [email protected]
- Password: 220-bjcfrank
Targets
- Target: 4bd7075cfacf1940c00cb60328ee20190a618d38023e2cb35a302a3903435b5d
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext