General
-
Target
444db585b476cb752f99675dcce366db68261812111deb8ba59ab59f1c59d4a9
-
Size
592KB
-
Sample
221125-vh3xsabg45
-
MD5
e72e3c61788b28a0a6992500fe50b273
-
SHA1
1c4b6f92a57ac18219e27c6b312bf4b24a08b871
-
SHA256
444db585b476cb752f99675dcce366db68261812111deb8ba59ab59f1c59d4a9
-
SHA512
fa45a4949c357daf3edb5f14eb0cb625d2f88339f0e4974b203f20d5cdf53f045cb6c51daf750f3a6bb666fa435f38d3b57e997082114203ce68f92b4e1449c7
-
SSDEEP
12288:WdX4TPfF/uuu7zfXnEKKL94IjnfqKvYLsq/Fxlk:WdX4THh447fvYLtl
Static task
static1
Behavioral task
behavioral1
Sample
444db585b476cb752f99675dcce366db68261812111deb8ba59ab59f1c59d4a9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
444db585b476cb752f99675dcce366db68261812111deb8ba59ab59f1c59d4a9.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
qwerty@12345
Targets
-
-
Target
444db585b476cb752f99675dcce366db68261812111deb8ba59ab59f1c59d4a9
-
Size
592KB
-
MD5
e72e3c61788b28a0a6992500fe50b273
-
SHA1
1c4b6f92a57ac18219e27c6b312bf4b24a08b871
-
SHA256
444db585b476cb752f99675dcce366db68261812111deb8ba59ab59f1c59d4a9
-
SHA512
fa45a4949c357daf3edb5f14eb0cb625d2f88339f0e4974b203f20d5cdf53f045cb6c51daf750f3a6bb666fa435f38d3b57e997082114203ce68f92b4e1449c7
-
SSDEEP
12288:WdX4TPfF/uuu7zfXnEKKL94IjnfqKvYLsq/Fxlk:WdX4THh447fvYLtl
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-