General

Target: 5f81c6852cc89916688dd380bf23185a1fcf2cd7fb5a93da32d22644ef0769c9
Size: 856KB
Sample: 221126-rdsz8scf2y
MD5: 6796097989ff8aa921d83d2a3553bb21
SHA1: ccd7805053b00b3e14b703517662a0036f95acbb
SHA256: 5f81c6852cc89916688dd380bf23185a1fcf2cd7fb5a93da32d22644ef0769c9
SHA512: 12262825e17afac04f28ff4eb986aaccf0f615f010fd9e8e043f423c65be64ad8a2508b9bce1da901e20d5770a97af447a384d5c9a76d162d19ba51a288747ae
SSDEEP: 24576:rEe1hYtljbiiIq9r+EpPinL6dTVUnCzoChg9:oeI/jvIq9v86dTVUnCzoCc
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 5f81c6852cc89916688dd380bf23185a1fcf2cd7fb5a93da32d22644ef0769c9.exe
Resource: win7-20220812-en
Malware Config (extracted)

Protocol: smtp
Host: mail.acsbaroda.com
Port: 587
Username: [email protected]
Password: Admin1975*
Targets

Target: 5f81c6852cc89916688dd380bf23185a1fcf2cd7fb5a93da32d22644ef0769c9 (856KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Maps connected drives based on registry: disk information is often read in order to detect sandbox environments
- Suspicious use of SetThreadContext