General
-
Target
541708b2d05295e5bda002af6b944acbd5f817f9da1b4c21cc55a90630246719
-
Size
960KB
-
Sample
221128-trdhtaca2x
-
MD5
4ba9ff99b0d92aeafb2965fa4c534bed
-
SHA1
6aacab210def98ab002772997af5a19eeaa197d0
-
SHA256
541708b2d05295e5bda002af6b944acbd5f817f9da1b4c21cc55a90630246719
-
SHA512
8c6e00e5bcaa55a261d6684143ad57c397998fd56220c279ccb8d3491b3482412edaa49da431642dc9d3fbb342e9705132b01225bc7a44c3a646f1811865edb7
-
SSDEEP
24576:BrgtIpmgeTJxQ9iANfstRiepw+6oONZqN:Brgtdt69H4Riepw+6Bj
Static task
static1
Behavioral task
behavioral1
Sample
541708b2d05295e5bda002af6b944acbd5f817f9da1b4c21cc55a90630246719.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
541708b2d05295e5bda002af6b944acbd5f817f9da1b4c21cc55a90630246719.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: delogga@gmail.com
Password: mocxcefaktgkceun
Targets
-
-
Target
541708b2d05295e5bda002af6b944acbd5f817f9da1b4c21cc55a90630246719
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), likely for geofencing.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
Spawns vbc.exe (the Visual Basic .NET compiler, a signed Microsoft binary) as a host for injected code.
-
Accesses Microsoft Outlook accounts
Reads Outlook profile data from the registry to harvest stored mail credentials.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the usual final step of process hollowing: write the payload into a suspended child, redirect its entry point, resume it.
-
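As an added example (not part of the sandbox report, and not code from the sandbox vendor), the following Python turns the extracted SMTP config above into indicators and then hunts, in constructed EDR-style event records, for the behaviours listed under the target's signatures. The config text is copied from the page; the event records, the IP-lookup host list, the registry paths behind the location and Outlook signatures, and the process IDs are all assumptions for illustration.

```python
import re
from collections import defaultdict

# Extracted config copied verbatim from the report's "Malware Config" block,
# in the flattened form the page shows it.
CONFIG_TEXT = """Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
delogga@gmail.com - Password:
mocxcefaktgkceun"""

SAMPLE = "541708b2d05295e5bda002af6b944acbd5f817f9da1b4c21cc55a90630246719.exe"
# Assumed lists, not from the report: common IP-lookup hosts and the registry
# locations behind the "location settings" and "Outlook accounts" signatures.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
GEO_KEY = "\\control panel\\international\\geo\\nation"
OUTLOOK_KEY = "\\outlook\\profiles\\"


def parse_extracted_config(text):
    """Parse 'Key: value - Key: value' text (broken across lines) into a dict."""
    flat = " ".join(text.split())
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", flat)
    cfg = {k.lower(): v.strip(" -") for k, v in pairs}
    cfg["port"] = int(cfg["port"])
    return cfg


def indicators(cfg):
    """Network/account indicators to block or report, derived from the config."""
    return {
        "exfil_endpoint": (cfg["host"], cfg["port"]),
        "exfil_account": cfg["username"],
        # 16 lowercase letters is the shape of a Google app password, which is
        # how a stealer authenticates to smtp.gmail.com without a browser login.
        "looks_like_app_password": re.fullmatch(r"[a-z]{16}", cfg["password"]) is not None,
    }


# Constructed telemetry (not sandbox output), loosely modelled on EDR events.
# pid 100 is the sample, 101 its dropped EXE, 102 a hollowed vbc.exe, 55 Outlook.
EVENTS = [
    {"type": "process_create", "pid": 55, "ppid": 1, "image": "C:\\Program Files\\Microsoft Office\\Office16\\OUTLOOK.EXE"},
    {"type": "process_create", "pid": 100, "ppid": 10, "image": "C:\\Users\\u\\Desktop\\" + SAMPLE},
    {"type": "file_create", "pid": 100, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"type": "process_create", "pid": 101, "ppid": 100, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"type": "process_create", "pid": 102, "ppid": 101, "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"},
    {"type": "api_call", "pid": 101, "api": "SetThreadContext", "target_pid": 102},
    {"type": "registry_query", "pid": 102, "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "registry_query", "pid": 102, "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "dns_query", "pid": 102, "name": "api.ipify.org"},
    {"type": "network_connect", "pid": 102, "dest": "smtp.gmail.com", "port": 587},
    {"type": "network_connect", "pid": 55, "dest": "smtp.gmail.com", "port": 587},  # legitimate mail client
]


def hunt(events, cfg):
    """Map the report's signature names to the pids that exhibit them."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    dropped = {e["path"].lower() for e in events if e["type"] == "file_create"}
    hits = defaultdict(list)

    def descends_from_sample(pid):
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            if SAMPLE.lower() in procs[pid]["image"].lower():
                return True
            pid = procs[pid]["ppid"]
        return False

    for e in events:
        pid, kind = e["pid"], e["type"]
        if kind == "process_create" and e["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(pid)
        if kind == "process_create" and e["image"].lower().endswith("\\vbc.exe") and descends_from_sample(pid):
            hits["Uses the VBS compiler for execution"].append(pid)
        if kind == "api_call" and e["api"] == "SetThreadContext" and e["target_pid"] != pid:
            hits["Suspicious use of SetThreadContext"].append((pid, e["target_pid"]))
        if kind == "registry_query" and e["key"].lower().endswith(GEO_KEY):
            hits["Checks computer location settings"].append(pid)
        if kind == "registry_query" and OUTLOOK_KEY in e["key"].lower():
            hits["Accesses Microsoft Outlook accounts"].append(pid)
        if kind == "dns_query" and e["name"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(pid)
        # Port 587 to Gmail is normal for a mail client; only flag it from the
        # sample's process tree, which is where the hollowed vbc.exe lives.
        if (kind == "network_connect" and e["dest"].lower() == cfg["host"]
                and e["port"] == cfg["port"] and descends_from_sample(pid)):
            hits["SMTP exfiltration to extracted C2"].append(pid)
    return dict(hits)


if __name__ == "__main__":
    config = parse_extracted_config(CONFIG_TEXT)
    print(indicators(config))
    for name, pids in hunt(EVENTS, config).items():
        print(f"{name}: {pids}")
```

The caveat worth keeping from this: smtp.gmail.com:587 is what every Gmail-configured mail client uses, so the host/port indicator only means something when tied to process lineage, which is why the Outlook connection in the constructed events is not flagged while the one from the hollowed vbc.exe is.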