General
- Target: 82af16ff58b864857f49aeaf5ddd386ce7bf95958d24eb8a0dbe68276034b777
- Size: 995KB
- Sample: 221127-vqevxshd21
- MD5: 339f8110e1d38bf81bf0cc7f04de02b8
- SHA1: 6b1245b3981f3998d01fd80cf0d3c7b952a49197
- SHA256: 82af16ff58b864857f49aeaf5ddd386ce7bf95958d24eb8a0dbe68276034b777
- SHA512: d7625fa364a5c1a9884744aa5e184b617796e7402357a3ea95868da76052b6755d8fbf2b402eef4a078ce7322da9a16d436dceec0840183b5f27d4b812b215d2
- SSDEEP: 24576:Q8eNgsHsUe3w6EbwLYQKzhso/VAVsAJd8HLB:Q86gwpe3wlbNNhTlAJOHF
Static task: static1
Behavioral task: behavioral1
- Sample: 82af16ff58b864857f49aeaf5ddd386ce7bf95958d24eb8a0dbe68276034b777.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 82af16ff58b864857f49aeaf5ddd386ce7bf95958d24eb8a0dbe68276034b777.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: williamluckyeboigbeone@gmail.com
- Password: @iloveu77
Targets
- Target: 82af16ff58b864857f49aeaf5ddd386ce7bf95958d24eb8a0dbe68276034b777
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext