General
-
Target
e83dad3415ee3ca0b095f78619f6cd578ae86c7672e6a0c28270bbd6cfcdc3d3
-
Size
730KB
-
Sample
221126-w3abmshc4z
-
MD5
28d8cdbaef107da7a4670c80a9dc91d9
-
SHA1
ece9bf576f8f458850b8ad48db034690e4ab529e
-
SHA256
e83dad3415ee3ca0b095f78619f6cd578ae86c7672e6a0c28270bbd6cfcdc3d3
-
SHA512
208d1a51d216d81b01b2ccd9323a7c1066aae2e1b511fc915ce82e5b3973656e1fb445e1ed5fffccc4cbc546214da7aeb77b0fe15f993608b63cf59c99413106
-
SSDEEP
12288:cRWNcr8oxncLH0BYXEZyXNbUQI6YrZdzL0wArkRhA6cfUGpXWO4GQQcWcCK7MY2n:3NBIcrctodbUl1larAhA9UsWtGs9Mlnn
Static task
static1
Behavioral task
behavioral1
Sample
e83dad3415ee3ca0b095f78619f6cd578ae86c7672e6a0c28270bbd6cfcdc3d3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e83dad3415ee3ca0b095f78619f6cd578ae86c7672e6a0c28270bbd6cfcdc3d3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
tazbox782
Targets
-
-
Target
e83dad3415ee3ca0b095f78619f6cd578ae86c7672e6a0c28270bbd6cfcdc3d3
-
Size
730KB
-
MD5
28d8cdbaef107da7a4670c80a9dc91d9
-
SHA1
ece9bf576f8f458850b8ad48db034690e4ab529e
-
SHA256
e83dad3415ee3ca0b095f78619f6cd578ae86c7672e6a0c28270bbd6cfcdc3d3
-
SHA512
208d1a51d216d81b01b2ccd9323a7c1066aae2e1b511fc915ce82e5b3973656e1fb445e1ed5fffccc4cbc546214da7aeb77b0fe15f993608b63cf59c99413106
-
SSDEEP
12288:cRWNcr8oxncLH0BYXEZyXNbUQI6YrZdzL0wArkRhA6cfUGpXWO4GQQcWcCK7MY2n:3NBIcrctodbUl1larAhA9UsWtGs9Mlnn
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-