General
-
Target
fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2
-
Size
747KB
-
Sample
221124-gwn4wsge61
-
MD5
c0f8d6e6de7e66c2fac32b5a8909574d
-
SHA1
6b04d553eb612a53e3a56b0785db8bd1031e0efe
-
SHA256
fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2
-
SHA512
d8eaea3476682f394c41b8a0a4c25eb73c71e8346b40d6c9f4698abce4bb4d133197fa824c27c31b22663b5b568dd61fdd190cc56055a5988cf66f4bdcfe900f
-
SSDEEP
12288:V/nLsOy/13K4rAPJYLGMLTYEG/jiLkMfe3d1Y1YExsL7a1Zhn1p:VfLBIK4raJx4O1OYExsL7eZl
Static task
static1
Behavioral task
behavioral1
Sample
fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.aol.com
Port: 587
Username: [email protected]
Password: makemoney147
Targets
-
Target
fa21bc66b1024ede6ec86ab054350cd738dea8ad68c63bef8eeadf27661a97a2
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-