General
-
Target
6d77af2702686dd88c98ad3b7ce1c2a33e6909c80ce33a1446fcc5f9e214726a
-
Size
502KB
-
Sample
221124-llhlkshc8v
-
MD5
9a3b13aa4ea56d8de8e9faa388dbe2ce
-
SHA1
f087b000b588711bb124b80f8b341629b4dcb298
-
SHA256
6d77af2702686dd88c98ad3b7ce1c2a33e6909c80ce33a1446fcc5f9e214726a
-
SHA512
98b1c096a6a2b043e3273fb57419a849a3dc477e13090c374beeffb9d0338f019c26d7ee7e5429815d04b1e274d08aeacbce9e0a11b6fceb0ff673e915dba3b5
-
SSDEEP
6144:3bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9m8HT:3QtqB5urTIoYWBQk1E+VF9mOx9m6
Static task
static1
Behavioral task
behavioral1
Sample
6d77af2702686dd88c98ad3b7ce1c2a33e6909c80ce33a1446fcc5f9e214726a.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6d77af2702686dd88c98ad3b7ce1c2a33e6909c80ce33a1446fcc5f9e214726a.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: law_rence0
Targets
-
-
Target
6d77af2702686dd88c98ad3b7ce1c2a33e6909c80ce33a1446fcc5f9e214726a
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-