General
- Target: ea1794cc319e26517a2fec4e2f0aa31c39317fe7ca54fe03bd7bd1f9f49a2baf
- Size: 555KB
- Sample: 221128-mwtx2ach4z
- MD5: 8e644834c5e8608399dec73de83ac27d
- SHA1: dd9291a79e9c9d7caa4bf3a4c64f0ee46cab313e
- SHA256: ea1794cc319e26517a2fec4e2f0aa31c39317fe7ca54fe03bd7bd1f9f49a2baf
- SHA512: b83233a2d8dbc54005fa9e1f167b23fa4e89e919ee3b5bd4d41bcaa9585915109ff072f3e24a39b48f2f3f349befd171bfa0bb779114f9e31da490d5a1ca8aa3
- SSDEEP: 12288:dtAPu3CoaZttUyMnh/cIhTzIZZPWE7lOEDitoAEas:d+GyZtUX/cI5UOEpOED9La
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: ea1794cc319e26517a2fec4e2f0aa31c39317fe7ca54fe03bd7bd1f9f49a2baf.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: goodman.man2015@yandex.ru
- Password: trade1234
Targets
- Target: ea1794cc319e26517a2fec4e2f0aa31c39317fe7ca54fe03bd7bd1f9f49a2baf
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext