General
- Target: 06703ebe2c90974993cbc409e8e5815e108e1ea8270d374a93b55eed38f6e5ff
- Size: 1.3MB
- Sample: 221127-xepxvsae62
- MD5: 8977c63e3448ab7a352312ffb92c95e2
- SHA1: 9a9fc7316768553c7b707f8a6a7f39ee92cd7d3c
- SHA256: 06703ebe2c90974993cbc409e8e5815e108e1ea8270d374a93b55eed38f6e5ff
- SHA512: bc0755ac0ac14f7189bf35e1fbe7c23391a1635639a19701e82183448fe102d1729f4a9e5579e0881847e8f867a50d264f991828c74b45aeace5ac43a88d6b0b
- SSDEEP: 24576:fErl6z8ueTLDAxgOY0vb6irt/Bl1H3L9FQRJg+qyxS9+ZVY/dG6b8oD3Fr46ja9o:lzQLDovT35DV7Hr+Tu+AvVD9Hei
Static task: static1
Behavioral task: behavioral1
- Sample: 06703ebe2c90974993cbc409e8e5815e108e1ea8270d374a93b55eed38f6e5ff.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.mail.ru
- Port: 587
- Username: okigweman2@mail.ru
- Password: schoolboy
Targets
- Target: 06703ebe2c90974993cbc409e8e5815e108e1ea8270d374a93b55eed38f6e5ff
- Size: 1.3MB
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext