General
Target: a10949528f845c877b75f88bf1e101a0e8537a246cf86c003d216ace4edda959
Size: 563KB
Sample: 221128-e6n6jaah9w
MD5: 3fdb270ebe72931e5ad91346fc448ba2
SHA1: 6a9da9c547fa865f742e0b12dcaec9ae9ed530f0
SHA256: a10949528f845c877b75f88bf1e101a0e8537a246cf86c003d216ace4edda959
SHA512: 9b204381ede25e7d5a884a1ea2d4629d3ced904da706a07ad27ef4bbb50596639d265a409eaade5a0ce30823f566583e4ce7d3c3e457efa0dea545203175ba29
SSDEEP: 12288:EiYco+gunQUBCEAWfykqVNe3U24eoz8LWyv:ENZunQU1aVNe3U24QLWyv
Static task: static1
Behavioral task: behavioral1
Sample: a10949528f845c877b75f88bf1e101a0e8537a246cf86c003d216ace4edda959.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: a10949528f845c877b75f88bf1e101a0e8537a246cf86c003d216ace4edda959.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: jeanluc123456789
Targets
Target: a10949528f845c877b75f88bf1e101a0e8537a246cf86c003d216ace4edda959
Score: 10/10
NirSoft MailPassView: Password recovery tool for various email clients
Nirsoft
Executes dropped EXE
Accesses Microsoft Outlook accounts
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.