General
-
Target
75dd0717eedd8738dc43283d2e2b172939fc68e517f90c9ed849a4b57799dbd3
-
Size
3.0MB
-
Sample
221128-e2kmjsee68
-
MD5
8d95316ec6a0638d97ae0a37b402776b
-
SHA1
9db970f50d1ba8c27e7fd3cefdd93af8a810c67e
-
SHA256
75dd0717eedd8738dc43283d2e2b172939fc68e517f90c9ed849a4b57799dbd3
-
SHA512
99d79073f9d6f4f76ffa139d220cff9aa3fef042f022226166e55acdb588eec4c71d0467865ac34748be32c8c6c07d3e3957a5defde4cb5a501fd1ed601a085b
-
SSDEEP
49152:OK3dAkXQM3YcSJS1oh0Qei+9wjfTSKJ0wFe3RSTsG41dzEGywRDcXUCGajWsCqx+:OK3dAEf3sjhRF+6fT/be8Tf4NhCGT
Static task
static1
Behavioral task
behavioral1
Sample
75dd0717eedd8738dc43283d2e2b172939fc68e517f90c9ed849a4b57799dbd3.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
75dd0717eedd8738dc43283d2e2b172939fc68e517f90c9ed849a4b57799dbd3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.freehostia.com
Port: 21
Username: benowe4
Password: jerry003
Targets
-
Target
75dd0717eedd8738dc43283d2e2b172939fc68e517f90c9ed849a4b57799dbd3
-
Score
10/10
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-