General
- Target: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0
- Size: 984KB
- Sample: 221128-v9nxyagh91
- MD5: 87d560227997de8e57d799b8178ac919
- SHA1: 5e108f5bb3a6b322cf0fb15f11b4aac0601f2102
- SHA256: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0
- SHA512: e32ba7e8fa89495456554d1d582b2391ba63e054e22d56e1c070c8a9cb93a72a5780c9a13f2717b9bf4b7f3eee7189123dab50ae6e1bbdc02e70fba01392dc65
- SSDEEP: 24576:9GxoANniFtffKpES0kkeslO864hKHTYfX2QE:9GDU0H0kke6OwhCkfm
Behavioral task behavioral1
- Sample: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0.exe
- Resource: win7-20220812-en

Behavioral task behavioral2
- Sample: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: thomsonbrian142@gmail.com
- Password: Thanks_101
Targets
- Target: 821695f1c5cfee3bdb0ce172888bfc251b30ac7d8e6939bae92a3d8f5dbdfdd0 (hashes as listed under General)
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext