General
- Target: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3
- Size: 533KB
- Sample: 221124-whbnzadf8s
- MD5: d28f2b1c2a803cb6da37464970ee3d36
- SHA1: df311795b419aa0c4953ce281726fca845d97c41
- SHA256: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3
- SHA512: d8da99a262f6e3ef04c7edd9584de8a5db23e6799d9d767eeb106209bc3496e2fe6494d52c9b3d01bba21027897c3825020f12f495b79080b0e9c3ba88ecb2ee
- SSDEEP: 6144:oujqcCbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx91:aQtqB5urTIoYWBQk1E+VF9mOx9
Static task
- static1
Behavioral task
- behavioral1
  - Sample: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: monday1234567890
Targets
- Target: e2cbf833fa1ffc5fa51c79678e27568e8bb448dd803d53f6b19e8fa3cbfc1ca3
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext