General
- Target: 2a2b9a3b16a34ffad6f86d00345e0f15d7a2fe4b17f15c8fac890833ba965b7c
- Size: 558KB
- Sample: 221126-2v2c2seg4y
- MD5: f1133ee0e7ec614d3864a8e52b44bb3b
- SHA1: 2f24924bca53bc0377717f2966d8d948ee71a256
- SHA256: 2a2b9a3b16a34ffad6f86d00345e0f15d7a2fe4b17f15c8fac890833ba965b7c
- SHA512: 0da38a197e820985607b43dae5b033e28529ff4db4a3013b511a34e2d16c418ef5bba3fe3e2a494c3c20598dfab1afd333d1aeea980e981d17be59127b3e8150
- SSDEEP: 12288:zATMTKNEKa21c1KK//PihgMgwv6IPywbUo6o0sv3rqY+thql5/Ad344mVu:zeMwbJ1c3/nihgMgwkwgnYzh
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2a2b9a3b16a34ffad6f86d00345e0f15d7a2fe4b17f15c8fac890833ba965b7c.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: 2a2b9a3b16a34ffad6f86d00345e0f15d7a2fe4b17f15c8fac890833ba965b7c.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: qwerty@12345
Targets
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext