General
-
Target
d002e7632aa3722ddf5d359449307a51d4814f72e76e512633280fca75e1c7c4
-
Size
764KB
-
Sample
221127-savv4aag3z
-
MD5
87f4b4973835c86fae88d85e185d69d9
-
SHA1
b6e1a270765648076f10a8be3bbfb8149691f903
-
SHA256
d002e7632aa3722ddf5d359449307a51d4814f72e76e512633280fca75e1c7c4
-
SHA512
817c3709780301efa70e38e57364bfdad1b21caf282f8517c87de73f0fb32e9a8432585bc0ed6ee04aa8b6842d1a8a2e5ddea766f2bd0b251571973347d23992
-
SSDEEP
12288:/loSeHy0cRFH9O1VaOWBmolFG8PV9PkxgXn/3pPZy3CRcRAJdB:9oJyTO3aOymobG2D3vhZy3CRc+J
Static task
static1
Behavioral task
behavioral1
Sample
d002e7632aa3722ddf5d359449307a51d4814f72e76e512633280fca75e1c7c4.exe
Resource
win7-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: Churchmen1
Targets
-
Target
d002e7632aa3722ddf5d359449307a51d4814f72e76e512633280fca75e1c7c4
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-