General
-
Target
50ddb0762fcd661f619cecdd9f62cb62ee1de9e63532d0a1d17e452dda709779
-
Size
1.5MB
-
Sample
221128-ttxdpsge46
-
MD5
0ac6e0bfcc378bfa3b6f2e8688058c62
-
SHA1
80f1722091176c7dae5c8370a6b790fc32db0d2a
-
SHA256
50ddb0762fcd661f619cecdd9f62cb62ee1de9e63532d0a1d17e452dda709779
-
SHA512
578e22e99143c6994c3c088f5d7ad8781f2d82525df9e0896f8864291a0e79df26a5db9f304f01a38da52370e1701bb55c73ddb3b30bb39819d1376b9ed0eb47
-
SSDEEP
49152:wkwkn9IMHeayh5KyMLX61Gc4GztGdLBiZaPCS:LdnV0hML6UzGztGdjPC
Static task
static1
Behavioral task
behavioral1
Sample
50ddb0762fcd661f619cecdd9f62cb62ee1de9e63532d0a1d17e452dda709779.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
50ddb0762fcd661f619cecdd9f62cb62ee1de9e63532d0a1d17e452dda709779.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
mthcontrast.dk@gmail.com - Password:
kelechi1
Targets
-
-
Target
50ddb0762fcd661f619cecdd9f62cb62ee1de9e63532d0a1d17e452dda709779
-
Size
1.5MB
-
MD5
0ac6e0bfcc378bfa3b6f2e8688058c62
-
SHA1
80f1722091176c7dae5c8370a6b790fc32db0d2a
-
SHA256
50ddb0762fcd661f619cecdd9f62cb62ee1de9e63532d0a1d17e452dda709779
-
SHA512
578e22e99143c6994c3c088f5d7ad8781f2d82525df9e0896f8864291a0e79df26a5db9f304f01a38da52370e1701bb55c73ddb3b30bb39819d1376b9ed0eb47
-
SSDEEP
49152:wkwkn9IMHeayh5KyMLX61Gc4GztGdLBiZaPCS:LdnV0hML6UzGztGdjPC
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-