General
- Target: 8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
- Size: 564KB
- Sample: 221127-p1lhkach2v
- MD5: a8dda1192aaac2da127a99b1e3600f25
- SHA1: 6e34212ef48f09ff0db836aab80c353f32feb9b4
- SHA256: 8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
- SHA512: a2b20a46530b936dee7b6ff212f6025d2b56e48cc98ac46e31a655697ff9c45795b6556cb12cc0d6bf91d3623d1a6e76617b4d09c13c9c5da9305e0142e50d38
- SSDEEP: 12288:qSuqIz05wqquggrepn7rNezSOesRS6BRJvbd:qNz07CRrKSAbPb
Static task: static1
Behavioral task: behavioral1
- Sample: 8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: Waynerossi
Targets
- Target: 8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
- Size: 564KB
- MD5: a8dda1192aaac2da127a99b1e3600f25
- SHA1: 6e34212ef48f09ff0db836aab80c353f32feb9b4
- SHA256: 8c68528327f35ac8786011785f9903a610b7b9f031d3087067fca490d1abdb39
- SHA512: a2b20a46530b936dee7b6ff212f6025d2b56e48cc98ac46e31a655697ff9c45795b6556cb12cc0d6bf91d3623d1a6e76617b4d09c13c9c5da9305e0142e50d38
- SSDEEP: 12288:qSuqIz05wqquggrepn7rNezSOesRS6BRJvbd:qNz07CRrKSAbPb
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext