General
- Target: f06272ee388b7f20c3ad638fd10d32b276f66ec473ee39fdc1282ae7d4720663
- Size: 784KB
- Sample: 221128-ky5ffaff8t
- MD5: 95b7ecc4b249773ac729e67dc217ebc0
- SHA1: 7e85b2c1e4a6bc15ddc6145a0dff883e0236a270
- SHA256: f06272ee388b7f20c3ad638fd10d32b276f66ec473ee39fdc1282ae7d4720663
- SHA512: 82882c46716faf32110cf57c05619a5381d93bc942a8f491b94d12f0b9081746b86505fbca8367ed77857040f18ca815b949ec2668e87ae1f4b89ecc40a4b8b6
- SSDEEP: 24576:9kduyDzPEZ0SUZkPiQM4G4Ktdj4/vpcS9:quGT1Sik6J4G4KtS/vp7
Static task: static1
Behavioral task: behavioral1
- Sample: f06272ee388b7f20c3ad638fd10d32b276f66ec473ee39fdc1282ae7d4720663.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.zoho.com
- Port: 587
- Username: logs@chopsecurity.ru
- Password: gfdsa321
Targets
- Target: f06272ee388b7f20c3ad638fd10d32b276f66ec473ee39fdc1282ae7d4720663
- Size: 784KB
- MD5: 95b7ecc4b249773ac729e67dc217ebc0
- SHA1: 7e85b2c1e4a6bc15ddc6145a0dff883e0236a270
- SHA256: f06272ee388b7f20c3ad638fd10d32b276f66ec473ee39fdc1282ae7d4720663
- SHA512: 82882c46716faf32110cf57c05619a5381d93bc942a8f491b94d12f0b9081746b86505fbca8367ed77857040f18ca815b949ec2668e87ae1f4b89ecc40a4b8b6
- SSDEEP: 24576:9kduyDzPEZ0SUZkPiQM4G4Ktdj4/vpcS9:quGT1Sik6J4G4KtS/vp7
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext