General

Target: 792f6081d23c9a3cee952ed9e62d314f1ad3355ad075d339d09284d93050f19f
Size: 695KB
Sample: 221126-yxf84sbc93
MD5: 3bc25953e45e964d0c0bea14aacd23c5
SHA1: 6bbb1c6903826ebdc73907d7722162c46cea563f
SHA256: 792f6081d23c9a3cee952ed9e62d314f1ad3355ad075d339d09284d93050f19f
SHA512: a87d0267639d89f86f6f3dfcbef8aac96b6c9cfcc420d0a6f68edcdda9fe49e68c43d37f9d53339feaeabdbf6a274aea72443f9aad632caa4ef3fbca073fefdb
SSDEEP: 12288:SmafVXX4DM50CYYLYDuYLDz4H61jgyDsRK:id4DM5tYJzn11jgdRK
Static task: static1
Behavioral task: behavioral1
  Sample: 792f6081d23c9a3cee952ed9e62d314f1ad3355ad075d339d09284d93050f19f.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 792f6081d23c9a3cee952ed9e62d314f1ad3355ad075d339d09284d93050f19f.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted
Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: [email protected] (the address is obfuscated in the page as shown; the mailbox itself is not recoverable from it)
Password: Darkdark123

This is the exfiltration channel: the stealer submits harvested data by mail through this account, so the host and port are the network indicators to block, and the mailbox credentials should be treated as compromised and reported to the provider rather than reused for interaction.
Targets

Target: 792f6081d23c9a3cee952ed9e62d314f1ad3355ad075d339d09284d93050f19f (695KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- NirSoft MailPassView: password recovery tool for various email clients (detected inside the sample)
- NirSoft WebBrowserPassView: password recovery tool for various web browsers (detected inside the sample)
- Nirsoft
- Uses the VBS compiler for execution: the sample starts vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, as a host process
- Accesses Microsoft Outlook accounts
- Adds Run key to start application: persistence through a Run key under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext

Read together, the last set of signatures is consistent with process hollowing: the sample launches a legitimate, signed compiler binary, writes its own payload into it and resumes the thread via SetThreadContext, so the credential recovery, the Outlook account access, the IP lookup and the SMTP exfiltration run under the name vbc.exe rather than under the dropper. Detection and response should therefore correlate the child compiler process back to the parent that spawned it instead of judging vbc.exe on its own.
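The behaviors listed above can be hunted for as a combination rather than one at a time. The following is an added example, not part of the sandbox report or any vendor tooling: it runs over constructed Sysmon-style events (EIDs 1, 3, 13 and 22, with Sysmon field names but made-up processes and PIDs) and credits activity done inside a spawned compiler process back to the dropper that started it. The SMTP host and port come from the extracted config above; the list of IP lookup services and the user-writable path fragments are assumptions, since the report does not say which service the sample contacted or where it ran from.

```python
"""Added example (not from the sandbox report): hunt for the report's
behavior combination in constructed Sysmon-style events.

Event dicts mimic Sysmon EIDs 1 (ProcessCreate), 3 (NetworkConnect),
13 (RegistryEvent value set) and 22 (DnsQuery). Field names follow the
Sysmon schema; the events themselves are constructed for this example.
"""
from collections import defaultdict

# From the report's Malware Config: exfiltration goes over SMTP submission.
EXFIL_SMTP_HOST = "smtp.mail.com"
EXFIL_SMTP_PORT = 587

# Assumption: the report only says "a legitimate IP lookup service";
# this list is illustrative, not taken from the sample.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ipinfo.io", "ifconfig.me", "checkip.amazonaws.com"}

# .NET compilers shipped with Windows that injectors use as hollowing hosts.
COMPILER_HOSTS = {"vbc.exe", "csc.exe"}

RUN_KEY_FRAGMENT = "\\software\\microsoft\\windows\\currentversion\\run\\"
# Assumption: path fragments treated as user-writable for attribution.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def is_user_writable(path: str) -> bool:
    return any(frag in path.lower() for frag in USER_WRITABLE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return {origin_image: set(behavior_tags)}.

    Behaviors are attributed to the highest ancestor that runs from a
    user-writable path, so what a hollowed vbc.exe does is credited to
    the dropper that spawned it rather than to vbc.exe itself.
    """
    image_of, parent_of = {}, {}
    findings = defaultdict(set)

    def origin(pid):
        chain, seen = [], set()
        while pid is not None and pid not in seen:   # guard against cycles
            seen.add(pid)
            chain.append(pid)
            pid = parent_of.get(pid)
        for p in reversed(chain):                    # top of the tree first
            if is_user_writable(image_of.get(p, "")):
                return image_of[p]
        return image_of.get(chain[0], f"pid:{chain[0]}")

    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        image = ev.get("Image", "").lower()
        image_of.setdefault(pid, image)

        if eid == 1:  # process creation: compiler spawned by a user-writable parent
            ppid = ev["ParentProcessId"]
            parent_of[pid] = ppid
            image_of.setdefault(ppid, ev.get("ParentImage", "").lower())
            if basename(image) in COMPILER_HOSTS and is_user_writable(image_of[ppid]):
                findings[origin(pid)].add("spawns_dotnet_compiler")
        elif eid == 13:  # registry value set under a Run key
            if RUN_KEY_FRAGMENT in ev.get("TargetObject", "").lower():
                findings[origin(pid)].add("run_key_persistence")
        elif eid == 22:  # DNS query for an external-IP lookup service
            if ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
                findings[origin(pid)].add("external_ip_lookup")
        elif eid == 3:  # outbound SMTP
            host = ev.get("DestinationHostname", "").lower()
            port = ev.get("DestinationPort")
            if (host, port) == (EXFIL_SMTP_HOST, EXFIL_SMTP_PORT):
                findings[origin(pid)].add("smtp_to_extracted_c2")
            elif port in (25, 465, 587) and is_user_writable(origin(pid)):
                findings[origin(pid)].add("smtp_from_user_writable_path")
    return dict(findings)


def verdict(findings):
    """Images whose behavior set matches the report's stealer profile."""
    return {img: sorted(tags) for img, tags in findings.items()
            if "smtp_to_extracted_c2" in tags or len(tags) >= 3}


# Constructed events, not a real capture. PIDs and paths are made up.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\792f6081d23c9a3cee952ed9e62d314f1ad3355ad075d339d09284d93050f19f.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 1200,
     "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4200, "ParentProcessId": 4100,
     "Image": VBC, "ParentImage": DROPPER},
    {"EventID": 13, "ProcessId": 4200, "Image": VBC,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 22, "ProcessId": 4200, "Image": VBC, "QueryName": "api.ipify.org"},
    {"EventID": 3, "ProcessId": 4200, "Image": VBC,
     "DestinationHostname": "smtp.mail.com", "DestinationPort": 587},
    # Benign noise: a real mail client submitting mail, and a developer build.
    {"EventID": 3, "ProcessId": 3000,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 4900,
     "Image": VBC, "ParentImage": r"C:\Program Files\dotnet\MSBuild.exe"},
]

if __name__ == "__main__":
    for img, tags in verdict(analyze(SAMPLE_EVENTS)).items():
        print(img, tags)
```

Attribution by the topmost user-writable ancestor is the point of the example: judged on its own, vbc.exe is a signed Microsoft binary writing a Run key and talking SMTP, which is exactly what the hollowing is meant to hide behind. The benign Outlook submission and the MSBuild-spawned compiler produce no findings because neither originates from a user-writable path.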