General
-
Target
8d0e8347917b30654f1233bd473a0ef9f844a82b92bb39244bd7b47fa25263f3
-
Size
533KB
-
Sample
221124-2dg8vagd2t
-
MD5
d662901d7cf2ce726f56de9a222de187
-
SHA1
44c7024cc2b85019594eb1f84cfaf4be17e77834
-
SHA256
8d0e8347917b30654f1233bd473a0ef9f844a82b92bb39244bd7b47fa25263f3
-
SHA512
bd67fb428e94847c358ca6cca3f459c285cbc3fe6a38a4111906a864ceb6ad0538807cf9ac967bc7eb8075f9d791576b3db00fb55d4ad1f482175a61df9a50ea
-
SSDEEP
6144:DuRqpNQbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9x:UQtqB5urTIoYWBQk1E+VF9mOx9
Static task
static1
Behavioral task
behavioral1
Sample
8d0e8347917b30654f1233bd473a0ef9f844a82b92bb39244bd7b47fa25263f3.exe
Resource
win7-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 2525
Username: [email protected]
Password: lagos2013
Targets
-
-
Target
8d0e8347917b30654f1233bd473a0ef9f844a82b92bb39244bd7b47fa25263f3
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-