General
-
Target
73e3deab3c1dbb605bdf28a6f1acef30df2b1ab789ba27d320788ff100dd0f0c
-
Size
1.5MB
-
Sample
221127-s7x2qadb7w
-
MD5
03c76a1870d4999aec5eeeaf1119938c
-
SHA1
481bcf1b2ff65210e83642a18b9e6c444ba26ca1
-
SHA256
73e3deab3c1dbb605bdf28a6f1acef30df2b1ab789ba27d320788ff100dd0f0c
-
SHA512
66cd6463fb856ae4d6372045046a9c448a2cacd6e132742f628d7b6572eac8f72bae4a2e6f6e63212397942ebedaab67d6bd107cc7c73a0817dd18b037332fcc
-
SSDEEP
24576:ng2Tg1se/oFeAgAI/y8YsAm85tKgB68IU86OpjY3g2+rKQfzFsFfknVPpeEtjYFA:0/oFxI/cw8P1sjfHrHzFLjZT
Static task
static1
Behavioral task
behavioral1
Sample
73e3deab3c1dbb605bdf28a6f1acef30df2b1ab789ba27d320788ff100dd0f0c.exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: graymchealy500@gmail.com
Password: fredman1800
Hard-coded SMTP submission credentials used to mail stolen data out of the infected host; treat the account and host/port pair as attacker-controlled indicators.
Targets
-
-
Target
73e3deab3c1dbb605bdf28a6f1acef30df2b1ab789ba27d320788ff100dd0f0c
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
Runs vbc.exe, the legitimate signed VB.NET command-line compiler shipped with the .NET Framework; stealers commonly start it suspended and inject their payload into it so the malicious code runs under a trusted image name.
-
Adds Run key to start application
Writes a value under the CurrentVersion\Run registry key so the payload is relaunched at each logon (persistence).
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Consistent with process hollowing: a process is created suspended, its memory is replaced with the injected payload, and the main thread's context is rewritten to point at the new entry point before it is resumed.
-
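The signatures above describe behaviour, not static indicators, so the useful detection is on telemetry rather than on the file hashes alone. The following is an added example (not part of this sandbox report or of any vendor's rules): simple detection logic for the reported behaviours, run over a constructed, simplified Sysmon-like event stream. The SMTP host and port come from the report's extracted config; the vbc.exe and Run-key checks are the general patterns behind the listed signatures; the list of mail clients, the expected parents of vbc.exe and the IP-lookup hostnames are assumptions, since the report does not name the lookup service the sample used.

```python
"""Detection logic for the behaviours listed in the sandbox report above.

Added example, not code from the report. Event records use a CONSTRUCTED,
simplified Sysmon-like shape (event_id 1 = process create, 3 = network
connect, 13 = registry value set); the sample events are made up to
illustrate the rules, they are not real telemetry from the sample.
"""
from __future__ import annotations
from dataclasses import dataclass

# From the report's "Malware Config" block.
C2_SMTP_HOST = "smtp.gmail.com"
C2_SMTP_PORT = 587

# ASSUMPTION: processes expected to use SMTP submission (tcp/587) on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# ASSUMPTION: legitimate parents for the VB.NET compiler (vbc.exe).
VBC_EXPECTED_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "csc.exe"}
# ASSUMED watchlist of public IP-lookup services; the report does not say which one was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "checkip.dyndns.org"}


@dataclass
class Event:
    event_id: int
    image: str
    parent_image: str = ""
    dest_host: str = ""
    dest_port: int = 0
    target_object: str = ""


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_event(ev: Event) -> list[str]:
    """Return the names of every rule the event triggers (possibly none)."""
    hits: list[str] = []
    img = _basename(ev.image)
    parent = _basename(ev.parent_image)
    if ev.event_id == 3:  # network connection
        host = ev.dest_host.lower()
        if host == C2_SMTP_HOST and ev.dest_port == C2_SMTP_PORT and img not in MAIL_CLIENTS:
            hits.append("smtp_exfil_to_reported_c2")
        elif ev.dest_port == 587 and img not in MAIL_CLIENTS:
            hits.append("smtp_submission_from_non_mail_client")
        if host in IP_LOOKUP_HOSTS:
            hits.append("external_ip_lookup")
    elif ev.event_id == 1:  # process create
        if img == "vbc.exe" and parent not in VBC_EXPECTED_PARENTS:
            hits.append("vbc_spawned_by_unexpected_parent")
    elif ev.event_id == 13:  # registry value set
        if "\\currentversion\\run\\" in ev.target_object.lower():
            hits.append("run_key_persistence")
    return hits


def scan(events: list[Event]) -> list[tuple[int, str]]:
    """(event index, rule name) for every hit, in event order."""
    return [(i, hit) for i, ev in enumerate(events) for hit in match_event(ev)]


# Constructed sample events mirroring the reported chain: dropper -> vbc.exe ->
# Run key -> external IP lookup -> SMTP exfil, plus one benign Outlook connection.
_DROPPER = r"C:\Users\victim\AppData\Local\Temp\73e3deab3c1dbb605bdf28a6f1acef30df2b1ab789ba27d320788ff100dd0f0c.exe"
_VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    Event(1, image=_DROPPER, parent_image=r"C:\Windows\explorer.exe"),
    Event(1, image=_VBC, parent_image=_DROPPER),
    Event(13, image=_VBC, target_object=r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update"),
    Event(3, image=_VBC, dest_host="api.ipify.org", dest_port=443),
    Event(3, image=_VBC, dest_host="smtp.gmail.com", dest_port=587),
    Event(3, image=r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
          dest_host="smtp.gmail.com", dest_port=587),
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The SMTP rule is deliberately split in two: an exact match on the reported host and port is high confidence, while any tcp/587 from a non-mail client is a weaker hunting signal that will need tuning per environment. Registry reads (the country-code geofence check) are not covered because Sysmon does not log value reads; that behaviour is only visible in a sandbox or with an API monitor.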