General
- Target: 650aa9843cab95abe28eb1da34643a60422b1270d89b8f3485285e439e605d4d
- Size: 584KB
- Sample: 221128-lx9jfaeb42
- MD5: 2b2823f621659725b5b02e94988f5cd2
- SHA1: d6deebe63f04f50dcfe1e98f364f50cfe22cf62a
- SHA256: 650aa9843cab95abe28eb1da34643a60422b1270d89b8f3485285e439e605d4d
- SHA512: b54c4ed54cc78b3c9210a7914be34152b82574353a5d419e9f3df4afc274f6a567fd1ffde726c4ac7c47a2c67bf65716818e798e040167a02ca4a8b28d1a47e2
- SSDEEP: 12288:C6DK2JfOeIgmDvlXf/ar0S2dGNv6rV1arY7ZXoYOOdMdwBv1:CgDpON5yYLoh6rvcY7ZX/M6Bv
Static task: static1
Behavioral task: behavioral1
- Sample: 650aa9843cab95abe28eb1da34643a60422b1270d89b8f3485285e439e605d4d.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 650aa9843cab95abe28eb1da34643a60422b1270d89b8f3485285e439e605d4d.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: artdlade@gmail.com
- Password: qwerty@12345
Targets
- Target: 650aa9843cab95abe28eb1da34643a60422b1270d89b8f3485285e439e605d4d
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext