General
Target: ab671c20d02b8ac69c289e7f1c7d16c38cb73dbcf118200a78fd5f11cfecb9d1
Size: 540KB
Sample: 221128-kv3gnsfd7y
MD5: be03e33ef55d89041806a25350a68c96
SHA1: 3e7f01d0f19db5328920e51f60f1294afaf0e9bc
SHA256: ab671c20d02b8ac69c289e7f1c7d16c38cb73dbcf118200a78fd5f11cfecb9d1
SHA512: 88786c6b7e191401ea9f61d1012cfcaf4b5c0392f1b17c47e483cf75cdf5f20ff6833a13a205b93408e35afdfcdd8f4d94744ef3ea9d14240f30ce604ec265fb
SSDEEP: 6144:ZumGm3TNUbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnxl:ZNUQtqB5urTIoYWBQk1E+VF9mOx9jwa
Static task
static1

Behavioral task
behavioral1
Sample: ab671c20d02b8ac69c289e7f1c7d16c38cb73dbcf118200a78fd5f11cfecb9d1.exe
Resource: win7-20221111-en

Behavioral task
behavioral2
Sample: ab671c20d02b8ac69c289e7f1c7d16c38cb73dbcf118200a78fd5f11cfecb9d1.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: mgtbohach@gmail.com
Password: Questions1
These are the credentials the sample carries for its outbound mail channel (SMTP submission on 587 with STARTTLS), i.e. the attacker-controlled mailbox that receives stolen data, not a victim account. The username is the strongest network indicator here; smtp.gmail.com:587 on its own is used by plenty of legitimate clients.
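The extracted config above is what the sample sends in the SMTP AUTH exchange. The script below is an added example for this page (not part of the sandbox output): it recovers credentials from AUTH LOGIN and AUTH PLAIN in a captured session and matches them against the report's exfil account. The transcript is constructed to mirror the config (the "C:"/"S:" line format is an assumption), as seen by a TLS-terminating proxy or a sandbox, because on the wire the AUTH step follows STARTTLS and is not visible in plain captures.

```python
"""Recover SMTP AUTH credentials from a captured mail session and check them
against the exfiltration account in this report's Malware Config.

Added example for this report page, not part of the sandbox output. The
transcript is constructed; real input would come from a TLS-terminating
proxy, a sandbox's network log or host telemetry, since after STARTTLS the
AUTH exchange is encrypted on the wire.
"""
import base64

# Indicators taken from the report's Malware Config section.
EXFIL_HOST = "smtp.gmail.com"
EXFIL_PORT = 587
EXFIL_USER = "mgtbohach@gmail.com"

# Constructed transcript: "C:" = client (infected host), "S:" = server.
# The base64 tokens are the report's username and password as AUTH LOGIN
# puts them on the wire.
SAMPLE_SESSION = """\
S: 220 smtp.gmail.com ESMTP
C: EHLO DESKTOP-1A2B3C
S: 250-smtp.gmail.com at your service
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: bWd0Ym9oYWNoQGdtYWlsLmNvbQ==
S: 334 UGFzc3dvcmQ6
C: UXVlc3Rpb25zMQ==
S: 235 2.7.0 Accepted
C: MAIL FROM:<mgtbohach@gmail.com>
"""

# Same credentials in the one-line AUTH PLAIN form (constructed as well).
SAMPLE_SESSION_PLAIN = "C: AUTH PLAIN " + base64.b64encode(
    b"\0" + EXFIL_USER.encode() + b"\0Questions1").decode() + "\n"


def _b64(token):
    """Decode a base64 SMTP token leniently; '' on malformed input."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return ""


def _decode_plain(token):
    """AUTH PLAIN carries base64('<authzid>\\0<username>\\0<password>')."""
    parts = _b64(token).split("\0")
    if len(parts) != 3:
        return {"mechanism": "PLAIN", "username": "", "password": ""}
    return {"mechanism": "PLAIN", "username": parts[1], "password": parts[2]}


def extract_smtp_auth(transcript):
    """Walk client lines and pull credentials from AUTH LOGIN / AUTH PLAIN.

    AUTH LOGIN is a two-step base64 challenge/response (username, then
    password); AUTH PLAIN sends both in one base64 blob, either inline with
    the AUTH command or after a 334 continuation. Only client lines are
    inspected; a new AUTH command resets any half-finished exchange.
    """
    creds, state, current = [], None, {}
    for raw in transcript.splitlines():
        if not raw.startswith("C:"):
            continue
        line = raw[2:].strip()
        words = line.split()
        upper = [w.upper() for w in words]
        if upper[:2] == ["AUTH", "LOGIN"]:
            current = {"mechanism": "LOGIN", "username": "", "password": ""}
            if len(words) > 2:  # initial-response form: AUTH LOGIN <b64 user>
                current["username"] = _b64(words[2])
                state = "login_pass"
            else:
                state = "login_user"
        elif upper[:2] == ["AUTH", "PLAIN"]:
            if len(words) > 2:
                creds.append(_decode_plain(words[2]))
                state = None
            else:
                state = "plain"
        elif state == "login_user":
            current["username"] = _b64(line)
            state = "login_pass"
        elif state == "login_pass":
            current["password"] = _b64(line)
            creds.append(current)
            state, current = None, {}
        elif state == "plain":
            creds.append(_decode_plain(line))
            state = None
    return creds


def assess_session(transcript, dst_host, dst_port):
    """Triage verdict: decoded credentials plus which report indicators hit.

    A destination match alone is only corroboration (many legitimate clients
    submit to smtp.gmail.com:587); the verdict turns on the AUTH username.
    """
    creds = extract_smtp_auth(transcript)
    indicators = []
    if dst_host.lower() == EXFIL_HOST and dst_port == EXFIL_PORT:
        indicators.append("destination matches exfil server (weak)")
    matched = [c for c in creds if c["username"].lower() == EXFIL_USER]
    for c in matched:
        indicators.append("AUTH %s as known exfil mailbox %s" % (c["mechanism"], c["username"]))
    return {"credentials": creds, "indicators": indicators, "suspicious": bool(matched)}


if __name__ == "__main__":
    verdict = assess_session(SAMPLE_SESSION, "smtp.gmail.com", 587)
    for c in verdict["credentials"]:
        print("%s user=%s" % (c["mechanism"], c["username"]))
    print("indicators:", verdict["indicators"])
```

In practice the same username check is worth running against mail-proxy authentication logs and against sandbox network captures for other samples: a shared drop mailbox links otherwise unrelated stubs to the same operator.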
Targets
Target: ab671c20d02b8ac69c289e7f1c7d16c38cb73dbcf118200a78fd5f11cfecb9d1 (the file described under General)
Signatures
- NirSoft MailPassView: password recovery tool for various email clients (a legitimate NirSoft utility, bundled here to harvest mail-client credentials)
- NirSoft WebBrowserPassView: password recovery tool for various web browsers (likewise bundled for browser credential theft)
- Nirsoft (tag)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution: spawns vbc.exe, the Microsoft-signed Visual Basic .NET compiler, which is commonly used as a host process for an injected payload.
- Accesses Microsoft Outlook accounts: reads stored Outlook account data, the target of the bundled MailPassView.
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: an API characteristic of process hollowing and thread hijacking; together with the vbc.exe launch it indicates the payload runs injected into a legitimate process rather than from the dropped file itself.