General
-
Target
d669e6c0997aad73cb4e5ccd96eb21e88aa4b61143f298b27fa605a2ffba550d
-
Size
622KB
-
Sample
221128-mwa5xscg9x
-
MD5
689d94d388318bf2195d2b7a8b049c6c
-
SHA1
4ec5ec7e80eeb7bcdabdfbf03b2ebef4430b2fd3
-
SHA256
d669e6c0997aad73cb4e5ccd96eb21e88aa4b61143f298b27fa605a2ffba550d
-
SHA512
4d1f5d7b440635a673c57a0b9c207d5109000d8ba5ed77a62d6b4cc4ea848f45e47adced307c0ce15c98870a227f95b97e604f7c39d187b8d95b011d0d25e457
-
SSDEEP
12288:zpzjK9JFJZU506Z4Z7wIHW8n6Dyu0uObJ5uEUiv7SGK8aTfnUnOs:zpzjKpdRwIHW86h0vJgKv7SPG
Static task
static1
Behavioral task
behavioral1
Sample
d669e6c0997aad73cb4e5ccd96eb21e88aa4b61143f298b27fa605a2ffba550d.exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
ybnl8701@yandex.ru - Password:
uchenna12345
Targets
-
-
Target
d669e6c0997aad73cb4e5ccd96eb21e88aa4b61143f298b27fa605a2ffba550d
-
Size
622KB
-
MD5
689d94d388318bf2195d2b7a8b049c6c
-
SHA1
4ec5ec7e80eeb7bcdabdfbf03b2ebef4430b2fd3
-
SHA256
d669e6c0997aad73cb4e5ccd96eb21e88aa4b61143f298b27fa605a2ffba550d
-
SHA512
4d1f5d7b440635a673c57a0b9c207d5109000d8ba5ed77a62d6b4cc4ea848f45e47adced307c0ce15c98870a227f95b97e604f7c39d187b8d95b011d0d25e457
-
SSDEEP
12288:zpzjK9JFJZU506Z4Z7wIHW8n6Dyu0uObJ5uEUiv7SGK8aTfnUnOs:zpzjKpdRwIHW86h0vJgKv7SPG
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Drops startup file
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-