General
-
Target
7f7af2a04e3a448078a458559a757f1460481e7548c8f63361cb28e50373fd9f
-
Size
664KB
-
Sample
221125-vkeb7sbg95
-
MD5
5919a7ccf6d76ed841dce48369da540a
-
SHA1
4fc953413eb0783afe3bec31b1b24a3c4b422ef6
-
SHA256
7f7af2a04e3a448078a458559a757f1460481e7548c8f63361cb28e50373fd9f
-
SHA512
0a982e5382fdfd05f9251a213d847f695583940cad2ecafc4b88e11f10d08a31f1000ac249fb5ea585cf426fa87fc3815f735faff297bc6987027dfce483a9cf
-
SSDEEP
12288:kIwGukpCZ3yn7ltW0HJtKDL7p6TUCVftOtDcZ6evtlsEOFPNnoGH7:r70cW0HJtK7p6TtO9cZ6ebhcP
Static task
static1
Behavioral task
behavioral1
Sample
7f7af2a04e3a448078a458559a757f1460481e7548c8f63361cb28e50373fd9f.exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: steve12345
Targets
-
Target
7f7af2a04e3a448078a458559a757f1460481e7548c8f63361cb28e50373fd9f
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-