General
- Target: d628793105a4bfe0de5ce46473cfb0da6fc996481929496814775c548126464f
- Size: 702KB
- Sample: 221127-v4ahcsac9x
- MD5: 12355f9ba251a8084d68788d0f2c32f2
- SHA1: 37ec3c640d860083cbf741213d642f292bf80fe8
- SHA256: d628793105a4bfe0de5ce46473cfb0da6fc996481929496814775c548126464f
- SHA512: f317417ed868950131ab5ef73eb083c84c9a12081dc692ded45961f89f06054e478b438a9bab4ed07afaf3cdcfe32092a89ad7e86fc3962779c49c2fba0861a5
- SSDEEP: 12288:X/QGi0rv9smYL6ENF/h7nlbMV81W3tVctjLmqw9qlus/k:vQGi0rv9YWENJZGVGW3tVctXmqw9ql
Static task
- static1

Behavioral task
- behavioral1
- Sample: d628793105a4bfe0de5ce46473cfb0da6fc996481929496814775c548126464f.exe
- Resource: win7-20220812-en

Behavioral task
- behavioral2
- Sample: d628793105a4bfe0de5ce46473cfb0da6fc996481929496814775c548126464f.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: trailsntempt@gmail.com
- Password: vinny@2008
Targets
- Target: d628793105a4bfe0de5ce46473cfb0da6fc996481929496814775c548126464f
- Size: 702KB
- MD5: 12355f9ba251a8084d68788d0f2c32f2
- SHA1: 37ec3c640d860083cbf741213d642f292bf80fe8
- SHA256: d628793105a4bfe0de5ce46473cfb0da6fc996481929496814775c548126464f
- SHA512: f317417ed868950131ab5ef73eb083c84c9a12081dc692ded45961f89f06054e478b438a9bab4ed07afaf3cdcfe32092a89ad7e86fc3962779c49c2fba0861a5
- SSDEEP: 12288:X/QGi0rv9smYL6ENF/h7nlbMV81W3tVctjLmqw9qlus/k:vQGi0rv9YWENJZGVGW3tVctXmqw9ql
Signatures
- Modifies WinLogon for persistence
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext