General
Target: 32ba586811c9226b2eb6784e3db613c365f99557fb4703270abc93c74b216e3b
Size: 540KB
Sample: 221128-msl31sgc89
MD5: 4b484c1f2f886f16731a35ed03060b4e
SHA1: 5f7ffd9e468b51c8b9ec1588f6385cc9fb0965ba
SHA256: 32ba586811c9226b2eb6784e3db613c365f99557fb4703270abc93c74b216e3b
SHA512: 35a400efe7603e931473ccbaa0350388d9e0500406d0062230b569cc5e2d0168d384373a5cbd14c9c54ab6a3ae041e6d10a95c5efda15ef38ed50e01d0209efd
SSDEEP: 12288:96Wq2QtqB5urTIoYWBQk1E+VF9mOx9rwY:NQtqBorTlYWBhE+V3mO
Static task: static1
Behavioral task: behavioral1
Sample: 32ba586811c9226b2eb6784e3db613c365f99557fb4703270abc93c74b216e3b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 32ba586811c9226b2eb6784e3db613c365f99557fb4703270abc93c74b216e3b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: qwerty@12345
Targets
Target: 32ba586811c9226b2eb6784e3db613c365f99557fb4703270abc93c74b216e3b
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
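The extracted SMTP config and the behavioural signatures above together describe a credential stealer that injects into a trusted binary, persists via a Run key, resolves its public IP and mails the harvest out over port 587. The following is an added example (not part of the report, and not the sandbox's own signature code) that hunts for that combination in Sysmon-style telemetry. Assumptions not on the page: the event field names mirror Sysmon's, the "VBS compiler" signature refers to vbc.exe (the VB.NET command-line compiler), the list of IP-lookup hosts and mail clients, and the use of Sysmon event 10 (ProcessAccess) with memory-write plus suspend/resume rights as a proxy for SetThreadContext, which Windows does not log directly. The sample events are constructed.

```python
"""Hunt for the behaviours in the sandbox report above in Sysmon-style telemetry.

Added example, not part of the report or of the sandbox's own signature code.
Assumptions (not on the page): the event field names mirror Sysmon's, the
"VBS compiler" signature refers to vbc.exe, the IP-lookup and mail-client host
lists, and Sysmon event 10 (ProcessAccess) as a proxy for SetThreadContext,
which Windows does not log directly.
"""
from __future__ import annotations

# Taken from the report's extracted config.
EXFIL_SMTP_HOST = "smtp.gmail.com"
EXFIL_SMTP_PORT = 587

# Assumption: the report does not name the lookup service; illustrative list.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com", "ipinfo.io"}

# Processes expected to talk to a mail submission port (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Parents that legitimately spawn the VB.NET compiler (assumption).
BUILD_TOOLS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}

# Sysmon event 10 GrantedAccess bits a hollowing loader needs on its target:
# write its memory and suspend/resume (and so re-point) its main thread.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
HOLLOW_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME


def _base(image: str) -> str:
    """Lower-cased file name of an image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: dict) -> set[str]:
    """Return the report signatures a single event matches (may be empty)."""
    hits: set[str] = set()
    eid = ev["EventID"]
    if eid == 1 and _base(ev["Image"]) == "vbc.exe":
        # "Uses the VBS compiler for execution": vbc.exe spawned outside a build.
        if _base(ev.get("ParentImage", "")) not in BUILD_TOOLS:
            hits.add("vbc_execution")
    elif eid == 13 and "\\currentversion\\run\\" in ev["TargetObject"].lower():
        # "Adds Run key to start application".
        hits.add("run_key_persistence")
    elif eid == 3:
        host = ev.get("DestinationHostname", "").lower()
        # Submission to the configured SMTP server from a non-mail process.
        if (host == EXFIL_SMTP_HOST and ev.get("DestinationPort") == EXFIL_SMTP_PORT
                and _base(ev["Image"]) not in MAIL_CLIENTS):
            hits.add("smtp_exfil")
        # "Looks up external IP address via web service".
        if host in IP_LOOKUP_HOSTS:
            hits.add("external_ip_lookup")
    elif eid == 10:
        # Proxy for "Suspicious use of SetThreadContext": another process opens
        # vbc.exe with the rights needed to overwrite it and redirect its thread.
        granted = int(ev["GrantedAccess"], 16)
        if (ev["SourceImage"] != ev["TargetImage"]
                and _base(ev["TargetImage"]) == "vbc.exe"
                and granted & HOLLOW_MASK == HOLLOW_MASK):
            hits.add("thread_context_injection")
    return hits


def triage(events) -> set[str]:
    """Union of signatures matched across a host's event stream."""
    matched: set[str] = set()
    for ev in events:
        matched |= classify(ev)
    return matched


def is_stealer_like(matched: set[str]) -> bool:
    """Exfil to the configured SMTP server plus execution/injection via vbc.exe."""
    return "smtp_exfil" in matched and (
        "vbc_execution" in matched or "thread_context_injection" in matched)


# Constructed events, not taken from the sandbox run.
DROPPER = "C:\\Users\\victim\\Downloads\\invoice.exe"
VBC = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": VBC, "ParentImage": DROPPER},
    {"EventID": 10, "SourceImage": DROPPER, "TargetImage": VBC, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\invoice"},
    {"EventID": 3, "Image": VBC, "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    {"EventID": 3, "Image": VBC, "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    # Benign look-alikes: a build tool spawning vbc.exe and a mail client on 587.
    {"EventID": 1, "Image": VBC,
     "ParentImage": "C:\\Program Files\\Microsoft Visual Studio\\Common7\\IDE\\devenv.exe"},
    {"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    print(sorted(hits), "stealer-like:", is_stealer_like(hits))
```

The single-event checks are deliberately weak on their own (Visual Studio spawns vbc.exe, Outlook talks to smtp.gmail.com:587); the value is in the combination, which is why the verdict requires the exfil channel from the extracted config together with the vbc.exe execution or injection indicator.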