General
-
Target
b9311d8029cccde10ff6f1056b0daa329b215fffd809c4b31b60939d0480e073
-
Size
507KB
-
Sample
221128-kmtjssae94
-
MD5
91e88e1845187eff886c1e5c5f85c4ea
-
SHA1
d6441244ce905ea8882b61a5a6e30d2e96bab238
-
SHA256
b9311d8029cccde10ff6f1056b0daa329b215fffd809c4b31b60939d0480e073
-
SHA512
4f371382704802843b9d4c19a065fce50884e24cff244396911913cdfc891ba439ac4ede25d804287542ae8859828c386d83082fded2b43780882a731f3deb99
-
SSDEEP
12288:QLKxJBPjWzn8uZBHgMTpJl7migaM+VVRfKyP3XrzlM4:QLKFqV/H1zaignDyvXrJ5
Static task
static1
Behavioral task
behavioral1
Sample
b9311d8029cccde10ff6f1056b0daa329b215fffd809c4b31b60939d0480e073.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b9311d8029cccde10ff6f1056b0daa329b215fffd809c4b31b60939d0480e073.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol
smtp
-
Host
smtp.gmail.com
-
Port
587
-
Username
[email protected]
-
Password
qwerty@54321
Targets
-
Target
b9311d8029cccde10ff6f1056b0daa329b215fffd809c4b31b60939d0480e073
-
Size
507KB
-
MD5
91e88e1845187eff886c1e5c5f85c4ea
-
SHA1
d6441244ce905ea8882b61a5a6e30d2e96bab238
-
SHA256
b9311d8029cccde10ff6f1056b0daa329b215fffd809c4b31b60939d0480e073
-
SHA512
4f371382704802843b9d4c19a065fce50884e24cff244396911913cdfc891ba439ac4ede25d804287542ae8859828c386d83082fded2b43780882a731f3deb99
-
SSDEEP
12288:QLKxJBPjWzn8uZBHgMTpJl7migaM+VVRfKyP3XrzlM4:QLKFqV/H1zaignDyvXrJ5
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-