General
-
Target
bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
-
Size
1013KB
-
Sample
221127-xd4dvsec3s
-
MD5
906f41885d365f221146201982485cb8
-
SHA1
6f786bda59777f06c17f34c39141079590662093
-
SHA256
bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
-
SHA512
20302e0de878de2dac17781f21e52bc5f740a7be6d5a5f58e353e891464532f01e6b42d0f623125ac106b75c1053d1f0bf3583621ccdf75a80e5dd9fe2c41f44
-
SSDEEP
24576:0Jf42h1cqDhythNsH9KDCk028BWmAZutF15MxMXR:o4NWhqU0v8BW9sFzQM
Static task
static1
Behavioral task
behavioral1
Sample
bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
pioneermarinbd@gmail.com - Password:
tacxszcnntqbktph
Targets
-
-
Target
bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
-
Size
1013KB
-
MD5
906f41885d365f221146201982485cb8
-
SHA1
6f786bda59777f06c17f34c39141079590662093
-
SHA256
bfb4514fb11f4578e39904b9de1f6e4f36fc909eb109f7501f3cfe49dd573fc2
-
SHA512
20302e0de878de2dac17781f21e52bc5f740a7be6d5a5f58e353e891464532f01e6b42d0f623125ac106b75c1053d1f0bf3583621ccdf75a80e5dd9fe2c41f44
-
SSDEEP
24576:0Jf42h1cqDhythNsH9KDCk028BWmAZutF15MxMXR:o4NWhqU0v8BW9sFzQM
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-