General
Target: 4307c2f0803cfdc58e213c964646dbc2cfa965a52fa3814f36344b1236aa7f26
Size: 1.6MB
Sample: 221126-kke9dsfa74
MD5: 4cf57fa727908098c71016a2625227fe
SHA1: 90eb16626af1b2702ff2dcf917d3cf420c16371d
SHA256: 4307c2f0803cfdc58e213c964646dbc2cfa965a52fa3814f36344b1236aa7f26
SHA512: 5a1f050038b760fff2825eaa27fe8ba11afd4310c7e3ec3bb7a9b47d7d323f434ebbb886ea575c8712ee7ff1d96c267390f187b7ac24083fe05acc08c711f50e
SSDEEP: 49152:LcUgV2tQKD3ZxVhojQczd+kIsu7k71LlRRpb6:vtprfosczdfuU1Lzb
Static task: static1
Behavioral task: behavioral1
Sample: 4307c2f0803cfdc58e213c964646dbc2cfa965a52fa3814f36344b1236aa7f26.exe
Resource: win7-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: okahmkyfgztfwemq
Targets
Target: 4307c2f0803cfdc58e213c964646dbc2cfa965a52fa3814f36344b1236aa7f26
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext