General
- Target: 367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
- Size: 1.2MB
- Sample: 221128-p2ereadg45
- MD5: 4240c55183b1dfe2b08910668ef79e63
- SHA1: 3965f66974b696564a487c79ea2311d6a238b465
- SHA256: 367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
- SHA512: eedbcdb306e73f660642fd36c0ed4ee7dc4bf771c9ce55190eba0b2378ccfaaa6907ba1e82c3605296fdd03a2de34a7cc7584321b2b43d4a8f177b023f6bf709
- SSDEEP: 24576:s4QGY5tdKnTEFxOHozGDtFP0GcuuyfFBHc1/FK8fo1HAg7U2K75Pvg:rXyZFxKXsGMmBHc19Jo1Hv9S
Static task
- static1
Behavioral task
- behavioral1
- Sample: 367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843.exe
- Resource: win7-20220812-en
Behavioral task
- behavioral2
- Sample: 367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: limbo015@yandex.ru
- Password: glorify101
Targets
- Target: 367185801872450b9b0c6abae46eaade63ffe4e6057acf05f55b015cca8b8843
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext