General
Target: 4067eee97faeeab097c0f19df5365f49c1086f5dac53f9232a57c69a78ab2931
Size: 996KB
Sample: 221126-prv1msfh5x
MD5: 9be86345d3a056af7b60f77e663a39db
SHA1: cc3f171273e013109be2a04a75100e19ea1215b0
SHA256: 4067eee97faeeab097c0f19df5365f49c1086f5dac53f9232a57c69a78ab2931
SHA512: 62a55fbaf2ffe0ca5703798a72f94194211a0216a3b18c49e49a0196d01fd863f09c5816d8749f1f4b08aeb1cbd82c26b25d1fe0f4432862e45fb116b586c4c3
SSDEEP: 24576:pmRm0Jb4Dr7eiUTuz1aO7+1lYHbD7BBTQ/V:BQO/evCUWt7DfQ
Static task: static1
Behavioral task: behavioral1
Sample: 4067eee97faeeab097c0f19df5365f49c1086f5dac53f9232a57c69a78ab2931.exe
Resource: win7-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.mattroy.com
Port: 587
Username: [email protected]
Password: N!ssan7a
Targets
Target: 4067eee97faeeab097c0f19df5365f49c1086f5dac53f9232a57c69a78ab2931 (hashes as listed under General)
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext