General

Target: 99e47f2b76f3425303d8329b361d5d0fbe85167165162da3d6eedbd3b0d0694f
Size: 609KB
Sample: 221128-mwvjkagf46
MD5: 44296f6d3a5a779f35825fa935c7339b
SHA1: 0759af2e72a6833461fc70c37c1345001b7d0584
SHA256: 99e47f2b76f3425303d8329b361d5d0fbe85167165162da3d6eedbd3b0d0694f
SHA512: a3ad75921bd2d35e121afc50efe037406207aef9ff78f0d92196e46d65be5eb355d68209708b94bd28866b58412798b2d6ded12449ae117df5c25a2ffdeb4578
SSDEEP: 12288:MqG4PEqoaiatJOrlT5NJz7bcVOLoQiHhxRlT8/RpphFl3e1:Md4PEqxhJOrlT5NJ3KOshxrG9
Static task: static1
Behavioral task: behavioral1
Sample: 99e47f2b76f3425303d8329b361d5d0fbe85167165162da3d6eedbd3b0d0694f.exe
Resource: win7-20220812-en
Malware Config

Extracted:
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: official.things@yandex.ru
Password: BLUE4REAL

These are the SMTP settings the sample uses to send harvested data out. The provider itself is legitimate, so the account username and the host/port pair are the indicators to pivot on, not the hostname alone.
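As an added example (not part of the sandbox report), the snippet below parses the extracted config exactly as the report renders it, checks a file against the listed hashes, and runs the host/port pair over constructed connection records in a Sysmon EventID 3 / Zeek-like shape. The flow records, the `MAIL_CLIENTS` allowlist and the workstation names are assumptions made up for the example; the hashes and SMTP values are copied from this report.

```python
"""Added example: turn the report's extracted SMTP config and file hashes into
matchable indicators and run them over constructed log records.
Not part of the original report; the flow records below are made up."""
import hashlib
import re

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "44296f6d3a5a779f35825fa935c7339b",
    "sha1": "0759af2e72a6833461fc70c37c1345001b7d0584",
    "sha256": "99e47f2b76f3425303d8329b361d5d0fbe85167165162da3d6eedbd3b0d0694f",
}

# The config block as the report renders it (keys and values run together).
RAW_CONFIG = """Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
official.things@yandex.ru - Password:
BLUE4REAL"""

_KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(raw: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' text into a dict.

    Values are located by the known key names rather than by splitting on '-',
    so a hyphen inside a password or hostname does not break the parse.
    """
    flat = " ".join(raw.split())
    key_alt = "|".join(_KEYS)
    pattern = re.compile(rf"({key_alt}):\s*(.*?)\s*-?\s*(?=(?:{key_alt}):|$)")
    cfg = {k.lower(): v for k, v in pattern.findall(flat)}
    cfg["port"] = int(cfg["port"])
    return cfg


def hashes_of_bytes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes, known: dict = SAMPLE_HASHES) -> bool:
    """True when every algorithm present in `known` agrees with `data`.
    SHA-256 alone is sufficient; checking all three guards against a typo in one feed."""
    got = hashes_of_bytes(data)
    return all(got[alg] == digest for alg, digest in known.items())


# Processes expected to speak SMTP on a workstation (assumption for the example).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed flow records; not taken from the report.
SAMPLE_FLOWS = [
    {"ts": "2022-11-28T10:00:01Z", "host": "WS01", "image": "vbc.exe",
     "dst_host": "smtp.yandex.ru", "dst_port": 587},
    {"ts": "2022-11-28T10:00:05Z", "host": "WS01", "image": "outlook.exe",
     "dst_host": "smtp.office365.com", "dst_port": 587},
    {"ts": "2022-11-28T10:00:09Z", "host": "WS02", "image": "thunderbird.exe",
     "dst_host": "smtp.yandex.ru", "dst_port": 587},
    {"ts": "2022-11-28T10:00:12Z", "host": "WS03", "image": "svchost.exe",
     "dst_host": "smtp.yandex.ru", "dst_port": 465},
]


def flag_flows(flows, cfg):
    """Return (record, verdict) pairs for flows that reach the configured host.

    The host is a legitimate mail provider, so the verdict is driven by the
    (host, port) pair from the config and by which process made the connection.
    """
    hits = []
    for f in flows:
        if f["dst_host"].lower() != cfg["host"].lower():
            continue
        proc = f["image"].lower()
        if f["dst_port"] == cfg["port"] and proc not in MAIL_CLIENTS:
            hits.append((f, "high: non-mail process reached the configured exfil host/port"))
        elif proc not in MAIL_CLIENTS:
            hits.append((f, "medium: non-mail process reached the exfil host on another port"))
        else:
            hits.append((f, "review: mail client reached the exfil host; compare the "
                            "SMTP AUTH user with " + cfg["username"]))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for rec, verdict in flag_flows(SAMPLE_FLOWS, cfg):
        print(rec["ts"], rec["host"], rec["image"], verdict)
```

The "review" verdict exists because a real mail client talking to smtp.yandex.ru is normal in some environments; the distinguishing fact there is the AUTH username in the mail-gateway or proxy log, which is why the extracted account name matters more than the hostname.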
Targets

Target: 99e47f2b76f3425303d8329b361d5d0fbe85167165162da3d6eedbd3b0d0694f (609KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Behavioural signatures:

- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft: tag for the bundled NirSoft recovery tooling above
- Drops startup file: writes a file into a Startup folder, giving the sample persistence across logons
- Loads dropped DLL
- Uses the VBS compiler for execution: the .NET Visual Basic compiler (vbc.exe) is launched to run code
- Accesses Microsoft Outlook accounts: reads stored Outlook account data, consistent with MailPassView
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext: the Win32 API that rewrites a thread's register context, typically seen in process hollowing and other code injection
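The behavioural signatures above map onto telemetry most environments already collect. As an added example (not part of the report), the snippet below scores constructed Sysmon-style events against four of them: vbc.exe spawned by a non-build parent, a file dropped in a Startup folder, a read of the Outlook profile registry tree, and a connection to an IP-lookup host. Scores are rolled up to the root process of each lineage so the dropper, not the spawned compiler, carries the verdict. The events, paths, PIDs, the `BUILD_PARENTS` allowlist and the `IP_LOOKUP_HOSTS` placeholder are assumptions made up for the example; "Loads dropped DLL" and "Suspicious use of SetThreadContext" are not visible in Sysmon and would need an API-monitor or EDR feed, so they are left out.

```python
"""Added example: score the report's behavioural signatures against
constructed Sysmon-style events. Not part of the original report; the
events, hostnames and parent processes below are made up for illustration."""
import os
from collections import defaultdict

# Parents that legitimately launch the VB.NET compiler (assumption for the example).
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe", "vbc.exe"}
# Placeholder; the report does not name the lookup service, so populate this from your own list.
IP_LOOKUP_HOSTS = {"ip-lookup.example"}

# Constructed events. "id" follows Sysmon: 1 = process create, 3 = network
# connect, 11 = file create, 12/13 = registry access. PIDs and paths are made up.
EVENTS = [
    {"id": 1, "pid": 4100, "ppid": 1200,
     "image": r"C:\Users\u\AppData\Local\Temp\99e47f2b.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 11, "pid": 4100,
     "target": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"},
    {"id": 1, "pid": 4120, "ppid": 4100,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Users\u\AppData\Local\Temp\99e47f2b.exe"},
    {"id": 12, "pid": 4120,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"id": 3, "pid": 4120, "dst_host": "ip-lookup.example", "dst_port": 80},
    # Benign control: a build process legitimately spawning vbc.exe.
    {"id": 1, "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Program Files\dotnet\MSBuild.exe"},
]


def base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return os.path.basename(path.replace("\\", "/")).lower()


def classify(e: dict):
    """Return (weight, reason) if the event matches a signature, else None."""
    if e["id"] == 1 and base(e["image"]) == "vbc.exe" and base(e["parent"]) not in BUILD_PARENTS:
        return 3, "vbc.exe spawned by non-build parent " + base(e["parent"])
    if e["id"] == 11 and "\\start menu\\programs\\startup\\" in e["target"].lower():
        return 2, "file dropped in Startup folder"
    if e["id"] in (12, 13) and "\\outlook\\profiles" in e["target"].lower():
        return 2, "Outlook profile registry tree accessed"
    if e["id"] == 3 and e["dst_host"].lower() in IP_LOOKUP_HOSTS:
        return 1, "external IP lookup service contacted"
    return None


def score_events(events):
    """Aggregate signature hits per process lineage.

    Returns {root_pid: (score, [reasons])}. The root is the top-most process in
    the chain that has its own create event, so a hollowed child (vbc.exe) is
    attributed to the dropper that started it.
    """
    ppid = {e["pid"]: e["ppid"] for e in events if e["id"] == 1}
    created = set(ppid)

    def root(pid):
        seen = set()
        while ppid.get(pid) in created and pid not in seen:
            seen.add(pid)
            pid = ppid[pid]
        return pid

    scores = defaultdict(lambda: [0, []])
    for e in events:
        hit = classify(e)
        if hit:
            r = root(e["pid"])
            scores[r][0] += hit[0]
            scores[r][1].append(hit[1])
    return {pid: (s, reasons) for pid, (s, reasons) in scores.items()}


if __name__ == "__main__":
    for pid, (score, reasons) in score_events(EVENTS).items():
        print(pid, score, reasons)
```

Weights are illustrative; what matters is that the Outlook registry read and the Startup drop on their own are weak, while a user-writable executable spawning vbc.exe is rare enough on a workstation to carry the verdict by itself.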