General
Target: c3e706c265053fde0fbe9467bc0c4b8281d50ff0c3a5b89959257c567a53fa9e
Size: 573KB
Sample: 221123-xbd17aee24
MD5: c06436867bbbdad438210151102d3c09
SHA1: da5e403515de4cdf8ec92513fdc5fcb37bef4136
SHA256: c3e706c265053fde0fbe9467bc0c4b8281d50ff0c3a5b89959257c567a53fa9e
SHA512: 93a3b55460eff46e89e9229cb5996b6d2122faae20b308c2a49c852a1d06586016f254e43e1fd25865c783a223bae2bffcb425e0e20fb88adc907a2c8a7899b2
SSDEEP: 12288:EY0DAwG5x+Xjw/ondRUCPoq8d3aDZPOJ3:E/AwGzUw8HUCQqoeOJ3
Static task: static1
Behavioral task: behavioral1
Sample: c3e706c265053fde0fbe9467bc0c4b8281d50ff0c3a5b89959257c567a53fa9e.exe
Resource: win7-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: general123
These are the credentials of the attacker's drop mailbox, not a victim account: the sample authenticates to smtp.mail.ru on the mail submission port (587) and sends the data it collects through that account. The host, port and username are usable as network and mail-provider indicators.
Targets
Target: c3e706c265053fde0fbe9467bc0c4b8281d50ff0c3a5b89959257c567a53fa9e
Size: 573KB
MD5: c06436867bbbdad438210151102d3c09
SHA1: da5e403515de4cdf8ec92513fdc5fcb37bef4136
SHA256: c3e706c265053fde0fbe9467bc0c4b8281d50ff0c3a5b89959257c567a53fa9e
SHA512: 93a3b55460eff46e89e9229cb5996b6d2122faae20b308c2a49c852a1d06586016f254e43e1fd25865c783a223bae2bffcb425e0e20fb88adc907a2c8a7899b2
SSDEEP: 12288:EY0DAwG5x+Xjw/ondRUCPoq8d3aDZPOJ3:E/AwGzUw8HUCQqoeOJ3
- NirSoft WebBrowserPassView (Nirsoft): password recovery tool for various web browsers. A legitimate NirSoft utility that malware commonly embeds to dump saved browser credentials; in this context it indicates credential theft, not a NirSoft installation.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence so the sample stays dormant in excluded regions.
- Loads dropped DLL
- Uses the VBS compiler for execution: the flagged binary is vbc.exe, the .NET Visual Basic compiler (not the Windows Script Host). It is a signed Microsoft binary and a common host for injected code, so look for it running without a build tool as its parent.
- Adds Run key to start application: persistence through a value under the CurrentVersion\Run registry key.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: the call typically appears when a suspended process's main thread is redirected to injected code (process hollowing); combined with the vbc.exe launch above, that is the likely injection path.
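The extracted SMTP configuration and the behaviors listed above map onto host telemetry that most environments already collect. The following is an added example, not part of the sandbox report: a small rule set run over constructed Sysmon-style events (process create, network connect, registry value set, DNS query). The event dictionaries, file paths and field names are constructed to mirror the Sysmon schema and are not telemetry from this sample; the set of IP-lookup domains is an assumption, since the report does not name the service the sample used; and the "VBS compiler" signature is taken to refer to vbc.exe.

```python
import re

# Network indicators taken from the extracted malware config above.
EXFIL_HOST = "smtp.mail.ru"
EXFIL_PORT = 587

# Public IP-lookup services commonly used by stealers. Assumption: the report
# only says "a legitimate IP lookup service" and does not name one.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# Parents from which vbc.exe is expected; any other parent is suspicious.
VBC_EXPECTED_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe", "aspnet_compiler.exe"}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def rule_run_key(ev):
    """Sysmon 13 (registry value set) under a Run/RunOnce key: 'Adds Run key'."""
    return ev.get("EventID") == 13 and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))


def rule_vbc_unexpected_parent(ev):
    """Sysmon 1: vbc.exe (the .NET VB compiler) started by something that is
    not a build tool; stealers use it as a hollowing target."""
    return (ev.get("EventID") == 1
            and _basename(ev.get("Image", "")) == "vbc.exe"
            and _basename(ev.get("ParentImage", "")) not in VBC_EXPECTED_PARENTS)


def rule_smtp_exfil(ev):
    """Sysmon 3: connection to the config's SMTP host on the submission port."""
    return (ev.get("EventID") == 3
            and ev.get("DestinationPort") == EXFIL_PORT
            and ev.get("DestinationHostname", "").lower() == EXFIL_HOST)


def rule_ip_lookup(ev):
    """Sysmon 22: DNS query for a public IP-lookup service."""
    return ev.get("EventID") == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS


RULES = {
    "adds_run_key": rule_run_key,
    "vbc_unexpected_parent": rule_vbc_unexpected_parent,
    "smtp_submission_to_exfil_host": rule_smtp_exfil,
    "external_ip_lookup": rule_ip_lookup,
}


def evaluate(events):
    """Return {rule_name: [image paths that triggered it]}.
    Registry reads (the geofence check) and SetThreadContext calls are not
    visible in Sysmon, so those two behaviors are not covered here."""
    hits = {name: [] for name in RULES}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(ev.get("Image", "?"))
    return hits


def score(hits, threshold=3):
    """Alert when at least `threshold` distinct behaviors fire: a single one
    (e.g. one DNS query to ifconfig.me) is a weak signal on its own."""
    fired = [name for name, imgs in hits.items() if imgs]
    return len(fired) >= threshold, fired


# Constructed events mimicking the Sysmon schema; not telemetry from the sample.
SAMPLE = r"C:\Users\user\Downloads\sample.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"EventID": 1, "Image": VBC, "ParentImage": SAMPLE},
    {"EventID": 22, "Image": VBC, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": VBC, "DestinationHostname": "smtp.mail.ru",
     "DestinationPort": 587},
    # Benign noise: a build tool launching vbc.exe, and ordinary mail traffic.
    {"EventID": 1, "Image": VBC, "ParentImage": r"C:\Program Files\MSBuild\msbuild.exe"},
    {"EventID": 3, "Image": r"C:\Program Files\Outlook\outlook.exe",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]

if __name__ == "__main__":
    hits = evaluate(SAMPLE_EVENTS)
    alert, fired = score(hits)
    for name, imgs in hits.items():
        print(f"{name:32s} {len(imgs)} hit(s)")
    print("ALERT" if alert else "no alert", fired)
```

Each rule on its own is noisy (port 587 is ordinary mail submission, vbc.exe does run on developer machines), which is why the scoring step requires several of the reported behaviors on the same host before alerting. Two of the listed behaviors, the registry read behind the geofence check and the SetThreadContext call, leave no Sysmon trace; covering them needs API-level telemetry such as an EDR or the sandbox itself.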