General
Target: 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
Size: 516KB
Sample: 221125-tcsn7acg3z
MD5: 27535665725b1b63c8278c9351282081
SHA1: d3b39aae440180e958e46d6f6b608564a400ecf0
SHA256: 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
SHA512: b61642e82dde8a7d1693727337d9b664a26f0e9d8ea8f3d114e91fd1e54c79c1c67189b0814510b3f7060cd4370b304132fa11f4104adf5fb966d9cd299a9bde
SSDEEP: 12288:7+gkMv2OHfbs3Qyu0UTLNhiUGuecoknF4Yp13+uOW3p8FKA5:7+Hc2OwMLNhGyomOYX+4mT
Static task: static1
Behavioral task: behavioral1
  Sample: 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859.exe
  Resource: win10v2004-20220901-en
Malware Config (Extracted)
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: sasuke2013
Targets
Target: 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
Size: 516KB
MD5: 27535665725b1b63c8278c9351282081
SHA1: d3b39aae440180e958e46d6f6b608564a400ecf0
SHA256: 7bfc0bfc9d1ac21374447b419ec895b4c5f869313b09864b5d43c94264faa859
SHA512: b61642e82dde8a7d1693727337d9b664a26f0e9d8ea8f3d114e91fd1e54c79c1c67189b0814510b3f7060cd4370b304132fa11f4104adf5fb966d9cd299a9bde
SSDEEP: 12288:7+gkMv2OHfbs3Qyu0UTLNhiUGuecoknF4Yp13+uOW3p8FKA5:7+Hc2OwMLNhGyomOYX+4mT

Signatures
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext