General
- Target: 4a214ca2c8d321edeab9493c5947d7e0c7ba6575abbb45fc719aff42640cda88
- Size: 600KB
- Sample: 221125-ccp5magc91
- MD5: 27d84e58000078a566602e597aa73186
- SHA1: 0521b65491fedad4f142baef107f4a691f3f5c06
- SHA256: 4a214ca2c8d321edeab9493c5947d7e0c7ba6575abbb45fc719aff42640cda88
- SHA512: 1c26a751ca202de1deb6aee5da533b5fcedea4b530bb15f3e8ca06398519d6180e6735bd522949d2a3d0091ff804036278c79b87dc1e3bb84d9234606c8736c8
- SSDEEP: 12288:MBtdzSMfWEGgEgt1rrRRXV3p+96cQP48KieqFrAoZlNFKihqw8:MBt89EbEe1rrV3p+9VQPFeqFrVZNP
Static task: static1
Behavioral task: behavioral1
- Sample: 4a214ca2c8d321edeab9493c5947d7e0c7ba6575abbb45fc719aff42640cda88.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: overcomer123
Targets
- Target: 4a214ca2c8d321edeab9493c5947d7e0c7ba6575abbb45fc719aff42640cda88
- Size: 600KB
Score: 10/10
Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- Nirsoft
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext