General
-
Target
f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
-
Size
1.3MB
-
Sample
221127-rwycnsdh92
-
MD5
41f2a423f4fb9d6eb43a39f4d20afcbf
-
SHA1
c1da163b26af40d5c51350f593273af25d8aa091
-
SHA256
f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
-
SHA512
aaf8013b0601e6d181c45be8f8f6638e4f7797f8154a115b8dd9ffb571a48295c3daf5be85f41086161472b2e13986fcd9895f3ce3733a3b3493e7fe8ff5ea14
-
SSDEEP
24576:poJL/y54Kf1pWfrLshb3EbEZ1YqIE+LbYi:m/b6pELsDEbs1JCLv
Static task
static1
Behavioral task
behavioral1
Sample
f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
Mojisolanifemi123#
Targets
-
-
Target
f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
-
Size
1.3MB
-
MD5
41f2a423f4fb9d6eb43a39f4d20afcbf
-
SHA1
c1da163b26af40d5c51350f593273af25d8aa091
-
SHA256
f901fad33d84fcee5c5c6ca16b9ac0fac7dfaa18fcf73d953d11a492b37285c2
-
SHA512
aaf8013b0601e6d181c45be8f8f6638e4f7797f8154a115b8dd9ffb571a48295c3daf5be85f41086161472b2e13986fcd9895f3ce3733a3b3493e7fe8ff5ea14
-
SSDEEP
24576:poJL/y54Kf1pWfrLshb3EbEZ1YqIE+LbYi:m/b6pELsDEbs1JCLv
-
Modifies WinLogon for persistence
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-