General
Target: a1eb1052f8adb9fcdeba8c950663c6eaf63eb8a7fb5d61b4377d1389b7256479
Size: 600KB
Sample: 221128-mps26acd3y
MD5: 79011ec1d71858487b590d9f7e8002bd
SHA1: 9cf823e735d40dcace6ab0fec9e8bf7ae13e6313
SHA256: a1eb1052f8adb9fcdeba8c950663c6eaf63eb8a7fb5d61b4377d1389b7256479
SHA512: 829f8c6f24c7f4d2e99ddb2de6d9c57bf26c4179810e9fc93a6d7b0a35626d3d0f1c8339c0cb4f805f7ac055d262fed9fe82b2caf699c5fdeadaff5c7faf3945
SSDEEP: 12288:RGsHeZhOtCSoMywf6wRIFJ8rz2TCdyKpsiIx2IN:RGXLSUxP9KB
Static task: static1
Behavioral task: behavioral1
Sample: a1eb1052f8adb9fcdeba8c950663c6eaf63eb8a7fb5d61b4377d1389b7256479.exe
Resource: win7-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: markson.james1@yandex.ru
Password: uchenna12345
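The extracted config above is the actionable part of this report: the sample exfiltrates stolen credentials over SMTP to smtp.yandex.ru:587 using the listed mailbox, and the hash block identifies the dropper. The following script is an added example (not part of the sandbox report or the malware) that turns those indicators into an offline triage helper: it parses the "Key: value" config block, hashes a file with all four algorithms in one pass and compares against the report, and flags network events that either reach the configured SMTP host/port or authenticate with the configured account. The placeholder binary and the event records are constructed here so the script runs without the real sample or a capture; their field names (src, dst, dport, smtp_user) are an assumption, not a format the report defines.

```python
"""Added example: match the indicators from this sandbox report against
local files and network events. Standard library only; all inputs that are
not copied from the report are constructed below."""
import hashlib
import os
import re
import tempfile

# Hashes copied from the report above.
REPORT_HASHES = {
    "md5": "79011ec1d71858487b590d9f7e8002bd",
    "sha1": "9cf823e735d40dcace6ab0fec9e8bf7ae13e6313",
    "sha256": "a1eb1052f8adb9fcdeba8c950663c6eaf63eb8a7fb5d61b4377d1389b7256479",
    "sha512": "829f8c6f24c7f4d2e99ddb2de6d9c57bf26c4179810e9fc93a6d7b0a35626d3d"
              "0f1c8339c0cb4f805f7ac055d262fed9fe82b2caf699c5fdeadaff5c7faf3945",
}

# Extracted config copied from the report above, in its "Key: value" form.
RAW_CONFIG = """Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: markson.james1@yandex.ru
Password: uchenna12345"""


def parse_config(text):
    """Parse 'Key: value' lines into a dict with lower-cased keys; port becomes int."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.*\S)\s*$", line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def hash_file(path):
    """Compute md5/sha1/sha256/sha512 in a single pass over the file."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {n: h.hexdigest() for n, h in hashers.items()}


def matches_report(path, report=REPORT_HASHES):
    """True only if every listed algorithm agrees. A single mismatch means a
    different file (or a corrupted IOC list); never fall back to MD5 alone."""
    got = hash_file(path)
    return all(got[k] == v for k, v in report.items())


def flag_exfil_events(events, cfg):
    """Return events that hit the configured SMTP host:port, or that use the
    configured username against any host (the account is the stable IOC even
    if the operator later moves the mailbox to another provider/port)."""
    hits = []
    for ev in events:
        to_c2 = ev.get("dst") == cfg["host"] and ev.get("dport") == cfg["port"]
        same_user = ev.get("smtp_user") == cfg.get("username")
        if to_c2 or same_user:
            hits.append({**ev, "reason": "c2_host" if to_c2 else "c2_account"})
    return hits


# Constructed events (assumed field names; not taken from the sandbox run).
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "dst": "smtp.yandex.ru", "dport": 587,
     "smtp_user": "markson.james1@yandex.ru"},
    {"src": "10.0.0.5", "dst": "smtp.office365.com", "dport": 587,
     "smtp_user": "alice@corp.example"},
    {"src": "10.0.0.7", "dst": "smtp.yandex.ru", "dport": 465, "smtp_user": None},
    {"src": "10.0.0.9", "dst": "mail.example.org", "dport": 25,
     "smtp_user": "markson.james1@yandex.ru"},
]


def demo():
    """Run the three checks on the constructed inputs and return the results."""
    cfg = parse_config(RAW_CONFIG)
    hits = flag_exfil_events(SAMPLE_EVENTS, cfg)
    # Constructed placeholder binary: its hashes will not match the report,
    # which is the expected answer when the real sample is absent.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "unknown.exe")
        with open(p, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)
        matched = matches_report(p)
    return cfg, hits, matched


if __name__ == "__main__":
    cfg, hits, matched = demo()
    print("config:", cfg)
    for h in hits:
        print("flagged:", h)
    print("hash match against report:", matched)
```

The third constructed event (smtp.yandex.ru on 465, no authentication seen) is deliberately not flagged: the report only establishes 587, and port 465 traffic to a popular mail provider is common legitimate activity, so matching on host alone would be noisy. The fourth event is flagged purely on the mailbox, which is the indicator that survives a change of server.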
Targets
Target: a1eb1052f8adb9fcdeba8c950663c6eaf63eb8a7fb5d61b4377d1389b7256479
- NirSoft MailPassView: password recovery tool for various email clients, embedded in the sample to harvest stored mail credentials
- NirSoft WebBrowserPassView: password recovery tool for various web browsers, embedded in the sample to harvest browser-saved logins
- Nirsoft (family tag for the bundled recovery tools above)
- Drops startup file (persistence via the Startup folder)
- Loads dropped DLL
- Uses the VBS compiler for execution (a signed Microsoft binary is started as a host for the payload)
- Accesses Microsoft Outlook accounts (reads stored Outlook profile credentials)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which is then included in the exfiltrated report
- Suspicious use of SetThreadContext (typical of process hollowing or thread hijacking; consistent with the compiler process being used as the execution host)