General
-
Target
34af6025848f06edccbbedd2d9ab61e7cb3c2d03b945cf1f63300abd5c1879ee
-
Size
679KB
-
Sample
221128-mg91psfe58
-
MD5
6ec60f37d746ff3cc4e07bbc22f64992
-
SHA1
5b4fdb323d57e8041957aa5bdbb9be6277ba09aa
-
SHA256
34af6025848f06edccbbedd2d9ab61e7cb3c2d03b945cf1f63300abd5c1879ee
-
SHA512
91981d858d10fa090f76099b327477ca7fb9d589f121ef23417d96b38cd4970033fc42e1725574e0ad205d2a57b1c016b3ad37210b3635160efcb6adb54f7375
-
SSDEEP
12288:iRBr52LvaGtEuWGC9hy8DCiPrtNg8mMujqBJvrOjaHpzXdDJ0UjtlaxzyDbvr/XR:iRwvBSuROyCC0rtq8mmH/bYenr/X7z5v
Static task
static1
Behavioral task
behavioral1
Sample
34af6025848f06edccbbedd2d9ab61e7cb3c2d03b945cf1f63300abd5c1879ee.exe
Resource
win7-20220812-en
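Before relying on a report like this, a practitioner confirms that the file in hand is the sample the report describes. The following Python script is an added example, not part of the report or of the sandbox's own tooling; it recomputes the four digests listed under General over a file's bytes and compares them with the values above. The SSDEEP value is not checked here because it needs the third-party ssdeep library.

```python
import hashlib
import sys

# Digest values copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "6ec60f37d746ff3cc4e07bbc22f64992",
    "sha1": "5b4fdb323d57e8041957aa5bdbb9be6277ba09aa",
    "sha256": "34af6025848f06edccbbedd2d9ab61e7cb3c2d03b945cf1f63300abd5c1879ee",
    "sha512": "91981d858d10fa090f76099b327477ca7fb9d589f121ef23417d96b38cd4970033fc42e1725574e0ad205d2a57b1c016b3ad37210b3635160efcb6adb54f7375",
}


def compute_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare each computed digest with the expected one; returns {algo: matched}."""
    computed = compute_hashes(data)
    return {algo: computed[algo] == value.lower() for algo, value in expected.items()}


def is_reported_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only when every listed digest matches; one mismatch means a different file."""
    return all(verify_sample(data, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    for algo, ok in verify_sample(blob).items():
        print(f"{algo:6} {'match' if ok else 'MISMATCH'}")
    print("size", len(blob), "bytes")  # the report lists 679KB
    sys.exit(0 if is_reported_sample(blob) else 1)
```

A partial match (say MD5 agrees but SHA256 does not) should be treated as a different file, not a near miss; the script exits non-zero unless all four digests agree.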
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: doggy.k@yandex.com
Password: kingsdoggy
Targets
-
Target
34af6025848f06edccbbedd2d9ab61e7cb3c2d03b945cf1f63300abd5c1879ee
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
Hands execution to the Visual Basic compiler shipped with the .NET Framework, a signed Microsoft binary commonly used as a host for injected code.
-
Accesses Microsoft Outlook accounts
Reads stored Outlook account settings, typically to harvest saved mail credentials.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext is commonly used to redirect execution inside a suspended process (process hollowing or injection).
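The signatures above describe a chain a SOC can hunt for in endpoint telemetry: code executing inside a signed compiler, a geofence registry read, an external-IP lookup, and SMTP to the host named in the extracted config. The Python below is an added example, not part of the report or of the sandbox; it encodes those behaviours as rules over constructed process, registry and network events and flags a host that reaches the extracted SMTP endpoint or shows two or more of the behaviours. The event schema, the reading of the "VBS compiler" signature as vbc.exe, the Geo registry key fragment, the list of IP-lookup hosts and the set of legitimate mail clients are assumptions, not facts taken from the report; only the SMTP host and port come from the extracted config.

```python
from collections import defaultdict
from dataclasses import dataclass

# From the report's extracted config: the SMTP exfiltration endpoint.
EXFIL_HOST, EXFIL_PORT = "smtp.yandex.com", 587

# Assumptions, not taken from the report:
#  - the "VBS compiler" signature means execution inside vbc.exe (the .NET Visual Basic compiler);
#  - the geofence check reads the user's Geo key under Control Panel\International;
#  - these hosts are typical "what is my IP" services;
#  - these are the processes expected to speak SMTP legitimately.
VBC_IMAGE = "vbc.exe"
GEO_KEY_FRAGMENT = r"\control panel\international\geo"
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class Event:
    host: str              # endpoint the telemetry came from
    kind: str              # "process" | "registry" | "network"
    image: str             # process performing the action (file name only)
    parent_path: str = ""  # process events: full path of the parent image
    target: str = ""       # registry events: key path; network events: destination host
    port: int = 0          # network events: destination port


def match_signatures(ev: Event) -> set:
    """Map one telemetry event onto the report's behavioural signatures."""
    image = ev.image.lower()
    hits = set()
    # "Uses the VBS compiler for execution": vbc.exe started by something in a user-writable path.
    if ev.kind == "process" and image == VBC_IMAGE and any(
        frag in ev.parent_path.lower() for frag in USER_WRITABLE
    ):
        hits.add("vbc_spawned_from_user_path")
    # "Checks computer location settings": read of the Geo key.
    if ev.kind == "registry" and GEO_KEY_FRAGMENT in ev.target.lower():
        hits.add("geo_registry_lookup")
    # "Looks up external IP address via web service".
    if ev.kind == "network" and ev.target.lower() in IP_LOOKUP_HOSTS:
        hits.add("external_ip_lookup")
    # SMTP to the extracted host/port from anything that is not a mail client.
    if (
        ev.kind == "network"
        and ev.target.lower() == EXFIL_HOST
        and ev.port == EXFIL_PORT
        and image not in MAIL_CLIENTS
    ):
        hits.add("smtp_to_extracted_c2")
    return hits


def triage(events) -> dict:
    """Aggregate hits per host; flag a host that reaches the exfil endpoint or shows two or more behaviours."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev.host] |= match_signatures(ev)
    return {
        host: {
            "signatures": sorted(hits),
            "flagged": "smtp_to_extracted_c2" in hits or len(hits) >= 2,
        }
        for host, hits in per_host.items()
    }


# Constructed sample telemetry (not taken from the report).
SAMPLE_EVENTS = [
    Event("ws01", "process", "vbc.exe", parent_path=r"C:\Users\bob\AppData\Roaming\update.exe"),
    Event("ws01", "registry", "vbc.exe", target=r"HKCU\Control Panel\International\Geo\Nation"),
    Event("ws01", "network", "vbc.exe", target="api.ipify.org", port=80),
    Event("ws01", "network", "vbc.exe", target="smtp.yandex.com", port=587),
    Event("ws02", "process", "vbc.exe", parent_path=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"),
    Event("ws02", "network", "outlook.exe", target="smtp.yandex.com", port=587),
    Event("ws03", "network", "chrome.exe", target="api.ipify.org", port=443),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, "FLAGGED" if result["flagged"] else "ok", result["signatures"])
```

The SetThreadContext call itself is rarely visible in standard endpoint telemetry, so it is represented indirectly by the vbc.exe parent check; a single IP lookup from a browser is deliberately not enough to flag a host, while any non-mail-client connection to the extracted SMTP endpoint is.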