General
-
Target
a20ac4fecec76e2d604a04400466f55ad5e7f9caa6ce9e2a135e88bac9cc4e5d
-
Size
754KB
-
Sample
221125-v42xlsfh3y
-
MD5
bb9c508022b4a40e2a23d5a9c80c74b5
-
SHA1
e7efb7f0187452345e25a2486519fbd2db99e050
-
SHA256
a20ac4fecec76e2d604a04400466f55ad5e7f9caa6ce9e2a135e88bac9cc4e5d
-
SHA512
87584f8acd5e672ec1072bda2dd9a6884b4519e388c1e3bacdcfd5a1670c224c942e1a8bd900cb04bad8092da533cd88c4588dee3610beaf54408934df274d75
-
SSDEEP
12288:p1jdALZeOUKBbUn/z0JVbHhAzruwKi3Zjh9wGepagkl2cuo1iR2fFb:pZdA1eXKBe/zAOGwKeFh9Re2YcHq2f
Static task
static1
Behavioral task
behavioral1
Sample
a20ac4fecec76e2d604a04400466f55ad5e7f9caa6ce9e2a135e88bac9cc4e5d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a20ac4fecec76e2d604a04400466f55ad5e7f9caa6ce9e2a135e88bac9cc4e5d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: impact110
Targets
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-