General
- Target: d150b3b6f5b1281946b68c2d6081a9670c7d544705b37445aae5ebd748611527
- Size: 2.6MB
- Sample: 221127-mhjvxaea4t
- MD5: 7ddb24290d00b5f591f5cc9043e3e1a7
- SHA1: e6ff2e9a85b30e1691f6a48c3c0fe4a9e0d181f5
- SHA256: d150b3b6f5b1281946b68c2d6081a9670c7d544705b37445aae5ebd748611527
- SHA512: 82eb1fb70871bfe5545300a70c7a7279bd539e6ce18f2723fb8bfa8ccaf9860d7351ca66f1dc968856c7faa106389970f6b799e6b74d94ce754d7d683295dcb0
- SSDEEP: 49152:RzIKAfPZHhUlaRyxHKArdLQQ1KCjyf+1ez4zHMdYEhy4T6x0KE1CV/6xC:RzI/3ZHhUlLKArZrmf+144zHehdT6x0t
Static task: static1
Behavioral task: behavioral1
- Sample: d150b3b6f5b1281946b68c2d6081a9670c7d544705b37445aae5ebd748611527.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: businessdb2010@gmail.com
- Password: @Doggod123
Targets
- Target: d150b3b6f5b1281946b68c2d6081a9670c7d544705b37445aae5ebd748611527
- Size: 2.6MB
- MD5: 7ddb24290d00b5f591f5cc9043e3e1a7
- SHA1: e6ff2e9a85b30e1691f6a48c3c0fe4a9e0d181f5
- SHA256: d150b3b6f5b1281946b68c2d6081a9670c7d544705b37445aae5ebd748611527
- SHA512: 82eb1fb70871bfe5545300a70c7a7279bd539e6ce18f2723fb8bfa8ccaf9860d7351ca66f1dc968856c7faa106389970f6b799e6b74d94ce754d7d683295dcb0
- SSDEEP: 49152:RzIKAfPZHhUlaRyxHKArdLQQ1KCjyf+1ez4zHMdYEhy4T6x0KE1CV/6xC:RzI/3ZHhUlLKArZrmf+144zHehdT6x0t
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext