General
Target: aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa
Size: 543KB
Sample: 221127-fpsytseh9s
MD5: 220aa8c39fda5bdfee9ece220ec14928
SHA1: 50d5af08afe233857d18ba89342795c54231fd16
SHA256: aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa
SHA512: 04f5cb152352ea93269b0c8184cb7c60a7259a8e5ba463e3ec1473a3c1481fba5888f048b1ecd6656a88efbdf07f630b0cd15ba72c9d46a0dc1298eb0ea97396
SSDEEP: 12288:eJsUw0L5ZLzvBa51lO5aSrhHvI3/GzlmZJiPY7z6v68cEl3pnau:zE3bB41VSrhPG6lmeDv6fERwu
Static task: static1
Behavioral task: behavioral1
  Sample: aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: houseofexlies@gmail.com
Password: yozzgikoyinpewpd
This is the SMTP account embedded in the sample; together with the credential-harvesting signatures below it is the channel the stealer mails its loot to. Outbound SMTP submission to smtp.gmail.com:587 authenticating as this username is the network indicator to hunt on, and the password is attacker-controlled material, not an account to sign in to.
Targets
Target: aff0173fc99de7cd90b51eb7432de3888adff3bc46d103a6964dfb48659ad6aa (543KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Modifies WinLogon for persistence (writes under the Winlogon registry key, whose Shell and Userinit values are executed at every interactive logon)
- NirSoft MailPassView: password recovery tool for various email clients, bundled here as a credential harvester
- NirSoft WebBrowserPassView: password recovery tool for various web browsers, likewise used to harvest saved logins
- Nirsoft (generic match on NirSoft tooling)
- Drops file in Drivers directory
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is launched by the sample rather than the payload running in the sample's own image)
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the thread-context rewrite that process hollowing and other thread-hijacking injection rely on; read together with the vbc.exe launch above)
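The signatures above describe behaviour an analyst can look for outside the sandbox. What follows is an added example, not part of the Triage report or of the sample: a small Python checker that maps host-telemetry records onto those behaviours, using the host and port from the extracted SMTP config as the exfil indicator. The record format and field names, the Winlogon default values, the vbc.exe parent allow-list and the IP-lookup domain list are assumptions made for this example, and the log lines are constructed, not sandbox output.

```python
from dataclasses import dataclass

# The exfil host/port come from the extracted SMTP config in the report.
# Everything else below (record format, defaults, allow-lists) is assumed.
EXFIL_HOST = "smtp.gmail.com"
EXFIL_PORT = 587

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock values on a default Windows install (assumed baseline); any other
# value under these names deserves an analyst's attention.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
# Commonly abused external-IP services (assumed list, not from the report).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}
# Parents that legitimately spawn the compiler; anything else is the pattern
# behind the "Uses the VBS compiler for execution" signature (assumed list).
VBC_OK_PARENTS = ("msbuild.exe", "devenv.exe", "csc.exe")


@dataclass(frozen=True)
class Hit:
    signature: str
    evidence: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value|key=value' record into a dict."""
    fields = {}
    for kv in line.strip().split("|"):
        if "=" in kv:
            k, v = kv.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


def check_event(ev: dict) -> list:
    """Map one event onto the behaviours listed in the report; return hits."""
    hits = []
    etype = ev.get("type")
    if etype == "registry_set":
        name = ev.get("name", "")
        if ev.get("path", "").lower() == WINLOGON_KEY.lower() and name in WINLOGON_DEFAULTS:
            if ev.get("value", "").lower() != WINLOGON_DEFAULTS[name].lower():
                hits.append(Hit("Modifies WinLogon for persistence", f"{name}={ev.get('value')}"))
    elif etype == "network_connect":
        host = ev.get("dst_host", "").lower()
        port = int(ev.get("dst_port", "0"))
        if host == EXFIL_HOST and port == EXFIL_PORT:
            hits.append(Hit("SMTP exfil to configured host", f"{host}:{port}"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append(Hit("Looks up external IP address via web service", host))
    elif etype == "process_create":
        image = ev.get("image", "").lower()
        parent = ev.get("parent", "").lower()
        if image.endswith("\\vbc.exe") and not parent.endswith(VBC_OK_PARENTS):
            hits.append(Hit("Uses the VBS compiler for execution", f"{parent} -> {image}"))
    elif etype == "file_write":
        if "\\system32\\drivers\\" in ev.get("path", "").lower():
            hits.append(Hit("Drops file in Drivers directory", ev.get("path", "")))
    elif etype == "api_call":
        # SetThreadContext on a thread of another process is the injection tell.
        if ev.get("api") == "SetThreadContext" and ev.get("target_pid") != ev.get("pid"):
            hits.append(Hit("Suspicious use of SetThreadContext",
                            f"pid {ev.get('pid')} -> pid {ev.get('target_pid')}"))
    return hits


def scan(lines) -> list:
    """Run every record through check_event and collect the hits in order."""
    hits = []
    for line in lines:
        hits.extend(check_event(parse_event(line)))
    return hits


# Constructed records illustrating a run of the sample; not sandbox output.
SAMPLE_LOG = [
    r"type=process_create|pid=1204|image=C:\Users\u\Desktop\aff0173f.exe|parent=C:\Windows\explorer.exe",
    r"type=process_create|pid=1320|image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe|parent=C:\Users\u\Desktop\aff0173f.exe",
    r"type=api_call|pid=1204|api=SetThreadContext|target_pid=1320",
    r"type=registry_set|pid=1320|path=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|name=Userinit|value=C:\Windows\system32\userinit.exe,C:\Users\u\AppData\Roaming\svc.exe",
    r"type=registry_set|pid=1320|path=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|name=Shell|value=explorer.exe",
    r"type=file_write|pid=1320|path=C:\Windows\System32\drivers\etc\hosts",
    r"type=network_connect|pid=1320|dst_host=checkip.dyndns.org|dst_port=80",
    r"type=network_connect|pid=1320|dst_host=smtp.gmail.com|dst_port=587",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"[{h.signature}] {h.evidence}")
```

The Winlogon check compares against a baseline rather than alerting on any write, so the unchanged Shell record in the sample log produces no hit while the appended Userinit entry does; the SetThreadContext check only fires when the target PID differs from the caller, which is what separates hollowing from a process adjusting its own threads.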