General

Target: 0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
Size: 603KB
Sample: 221128-m3z3madd4v
MD5: e8e0e1fca38cae6c9e7c6ab198348edd
SHA1: 085d8569669e3c6cbb6bd6bd0cfc67c87f485ce2
SHA256: 0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
SHA512: 2af12e0fc8648c0dea69c31f028ceefce6a58780d4ad0ef22f409bf113db23a8209808946c1b1c4cc27b03793177adba8d5b03c7279cba895705998eab253c15
SSDEEP: 12288:VA/rmdd4qux35UzuQdr6NeqtI7myHUgVt4d0hFrj38N:crmdd3I3Y96NSyE4dCnM
Static task: static1
Behavioral task: behavioral1
Sample: 0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7.exe
Resource: win7-20221111-en
Malware Config

Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: uchenna12345
Targets

Target: 0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
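Most of the behavioural signatures above can be re-expressed as host-telemetry rules. The following is an added example (not the sandbox's own rule logic) that maps them onto a constructed, generic process-trace schema: a file write into the Startup folder, vbc.exe launched by something other than a build tool (reading "VBS compiler" as the .NET Visual Basic compiler, vbc.exe, is my interpretation), a registry read under an Outlook profile key, a DNS query for a public IP-lookup service, and a SetThreadContext call aimed at another process, which is the usual last step of process hollowing. The event field names, the events, the IP-lookup domain list and the benign-parent allowlist are all assumptions. The NirSoft matches are file-content (YARA) detections and "Loads dropped DLL" needs file-origin tracking, so neither is modelled here.

```python
"""Host-side checks for the behavioural signatures in the report above.

Added example; not the sandbox's own rules. The trace schema (event types
and field names) is constructed for illustration, and the events below are
made up to exercise each rule. Assumptions: "VBS compiler" is read as the
.NET Visual Basic compiler vbc.exe; the IP-lookup domain list and the
benign-parent allowlist are mine, not the report's.
"""
from collections import defaultdict
from typing import Dict, List

SAMPLE_EXE = r"C:\Users\victim\Downloads\0b08e10aaf12db55e6c5b4b3bc52bf11bb8005e3259fa8bdafafea0b01cc16f7.exe"
VBC_EXE = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
MSBUILD_EXE = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

# Constructed trace: pid 1200 is the sample, pid 1300 a compiler process it
# spawns and then writes into; pids 900 and 1400 are benign noise.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"type": "process_create", "pid": 1200, "image": SAMPLE_EXE,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"},
    {"type": "process_create", "pid": 1300, "image": VBC_EXE, "parent_image": SAMPLE_EXE},
    {"type": "api_call", "pid": 1200, "api": "SetThreadContext", "target_pid": 1300},
    {"type": "registry_read", "pid": 1300,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"type": "dns_query", "pid": 1300, "query": "api.ipify.org"},
    {"type": "file_write", "pid": 900, "path": r"C:\Users\victim\Documents\notes.docx"},
    {"type": "dns_query", "pid": 900, "query": "www.example.org"},
    # A thread context set on the caller's own thread is ordinary (e.g. debuggers, SEH).
    {"type": "api_call", "pid": 900, "api": "SetThreadContext", "target_pid": 900},
    # vbc.exe under a build tool is the expected use of the compiler.
    {"type": "process_create", "pid": 1400, "image": VBC_EXE, "parent_image": MSBUILD_EXE},
]

STARTUP_DIR = "\\start menu\\programs\\startup\\"
OUTLOOK_PROFILES = "\\outlook\\profiles\\"
# Assumed list; the report only says "a legitimate IP lookup service".
IP_LOOKUP_DOMAINS = frozenset({"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"})
# Assumed parents that legitimately spawn vbc.exe.
DEV_TOOLS = frozenset({"msbuild.exe", "devenv.exe"})


def basename(path: str) -> str:
    """Lower-cased final path component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def run_signatures(events: List[Dict[str, object]]) -> Dict[str, List[int]]:
    """Map trace events onto the report's signature names: {signature: [pid, ...]}."""
    hits: Dict[str, List[int]] = defaultdict(list)
    for ev in events:
        t, pid = ev["type"], int(str(ev["pid"]))
        if t == "file_write" and STARTUP_DIR in str(ev["path"]).lower():
            hits["Drops startup file"].append(pid)
        elif (t == "process_create" and basename(str(ev["image"])) == "vbc.exe"
              and basename(str(ev["parent_image"])) not in DEV_TOOLS):
            hits["Uses the VBS compiler for execution"].append(pid)
        elif t == "registry_read" and OUTLOOK_PROFILES in str(ev["key"]).lower():
            hits["Accesses Microsoft Outlook accounts"].append(pid)
        elif t == "dns_query" and str(ev["query"]).lower() in IP_LOOKUP_DOMAINS:
            hits["Looks up external IP address via web service"].append(pid)
        elif t == "api_call" and ev["api"] == "SetThreadContext" and ev.get("target_pid") != pid:
            # Setting the context of a thread in another process is the classic
            # step just before ResumeThread in process hollowing.
            hits["Suspicious use of SetThreadContext"].append(pid)
    return dict(hits)


if __name__ == "__main__":
    for name, pids in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: pids {pids}")
```

On the constructed trace every one of the five modelled signatures fires, with the Startup drop and the cross-process SetThreadContext attributed to the sample (pid 1200) and the Outlook and IP-lookup activity to the hollowed vbc.exe (pid 1300); that pid split is itself a useful triage clue, since the credential theft happens in the injected process, not the file that was executed.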