General
- Target: 13b49f79770901f3da5366e2035e87c3bfb34f72c224639c05d25e5a3fa56512
- Size: 449KB
- Sample: 221123-xbp4fsee45
- MD5: 494cc39f9eeaa66ab2169599de41049c
- SHA1: 160ff6440e939ae1a7e51a21a19a5fff7e26a26d
- SHA256: 13b49f79770901f3da5366e2035e87c3bfb34f72c224639c05d25e5a3fa56512
- SHA512: 22e3a2ea2b9b5aa8c8102201ee1e8248cba523fb1cb4a3b3659d2a26f5af9fcf477797af4d50143270b98d43557961c2ba3c285664a974d973e6b170b102f1da
- SSDEEP: 6144:kYz7/nTM52rAYJILXnbXt5zTDFGPMR3E0CgcbDeP06VGmwvSgFEyBLiUK:/vTMMrqL37t5/oMdKE0xBLiUK
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 13b49f79770901f3da5366e2035e87c3bfb34f72c224639c05d25e5a3fa56512.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: 13b49f79770901f3da5366e2035e87c3bfb34f72c224639c05d25e5a3fa56512.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: 1234567oko
Targets
- Target: 13b49f79770901f3da5366e2035e87c3bfb34f72c224639c05d25e5a3fa56512 (hashes as listed under General)
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext