General
-
Target
6bf2340ada20eb1fca7d7b102877f3862d00b0f477060f0d2f7a70dfa483af9e
-
Size
812KB
-
Sample
221127-wdy9gafe32
-
MD5
daa2493e4f7575fd45f51138266911ff
-
SHA1
2bebbbdf899fbed3bf3dd65031427d39f7dadd68
-
SHA256
6bf2340ada20eb1fca7d7b102877f3862d00b0f477060f0d2f7a70dfa483af9e
-
SHA512
073e8ec752c34fa1d87dd525918a0414be222808746c256ed6d716be78000e2b732bcb2b8061cc18cbb9b3ba752c69269cabe88f5e63d2a19c2babb2246431cc
-
SSDEEP
24576:a2PGO7d37vvB4sqrr6ZGf6sawcQ1r+1j45HJ1EI80:aMhvvBcreZTsRI45Hzf80
Static task
static1
Behavioral task
behavioral1
Sample
sample.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
sample.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol
smtp
-
Host
smtp.gmail.com
-
Port
587
-
Username
chukwuabiamagoziem@gmail.com
-
Password
jesusislord1234
Targets
-
Target
sample.exe
-
Size
1.0MB
-
MD5
d629a86e123d889f68364b9d5302e0bd
-
SHA1
d5e6983ec83b9a34cc67948c10c5a808e1523f5e
-
SHA256
fece306880d911a9fd2ab6e2810ffd4913cf450bd7d81f622a3137b5e8cf59be
-
SHA512
58ad4d4f96a0fab301fe93d682459d61398fc571db7cbcf5d4afeb5e35ac711bf689bb78c2a1e143ef928c850c1f1b48148e5c46dcb6caa963e682077f1af409
-
SSDEEP
24576:Mf5b9R9zCOVp+8EpVteUc6woa+i2Z9lAlAj0YlTAHVtfO:w5b1+OH+8SrvwoaNu0YTWVtfO
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext