General
Target: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643
Size: 540KB
Sample: 221124-yjf17aeg82
MD5: f2571f7e309c77d1bf9c042fdbb0fd43
SHA1: 2e6b1ceaa2d9febaf3a174c16cc946a53a618d1c
SHA256: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643
SHA512: 58e3a48e07740a1c041c7e15fcb110583e44def278d696fa3fc5ef5c66ec80c4d488459d7582b6bfc501a410b4294651189ac7efd82bc07284a1ab8c748b7c51
SSDEEP: 12288:I6Jq+QtqB5urTIoYWBQk1E+VF9mOx9E1O:pQtqBorTlYWBhE+V3mO
Static task: static1
Behavioral task: behavioral1
  Sample: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: qwerty@12345
Targets
Target: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643
Size: 540KB
MD5: f2571f7e309c77d1bf9c042fdbb0fd43
SHA1: 2e6b1ceaa2d9febaf3a174c16cc946a53a618d1c
SHA256: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643
SHA512: 58e3a48e07740a1c041c7e15fcb110583e44def278d696fa3fc5ef5c66ec80c4d488459d7582b6bfc501a410b4294651189ac7efd82bc07284a1ab8c748b7c51
SSDEEP: 12288:I6Jq+QtqB5urTIoYWBQk1E+VF9mOx9E1O:pQtqBorTlYWBhE+V3mO
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext