General
-
Target
d68349e51ec193ea5639ac34a3b2f480558239e0e049cc5638b648d8b69bc864
-
Size
992KB
-
Sample
221128-vyd9csfh7x
-
MD5
d8d04ed7fe6f529ff14acadf0c0ad853
-
SHA1
47f06f38172d24092f922281ba03132dfb9395c1
-
SHA256
d68349e51ec193ea5639ac34a3b2f480558239e0e049cc5638b648d8b69bc864
-
SHA512
a2f82f052177eaedb213beba261d3b45937418549843d7ed31cae808c874a1a9dfe687deb19bd0e431748cd1d764c071dab0ef5f0d7a21a2ec337d98c021a8b2
-
SSDEEP
24576:BzuhzZp4rpRwUjaQL7zS1Zj10az9+oD9tEuB:BS9slRJvL7zsJz4oDvE
Static task
static1
Behavioral task
behavioral1
Sample
d68349e51ec193ea5639ac34a3b2f480558239e0e049cc5638b648d8b69bc864.exe
Resource
win7-20220901-en
Malware Config
Extracted
Protocol: smtp
Host: mail.ftnpkl.com.my
Port: 587
Username: kcchan@ftnpkl.com.my
Password: ftn001
Targets
-
-
Target
d68349e51ec193ea5639ac34a3b2f480558239e0e049cc5638b648d8b69bc864
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-