General
- Target: f63c038c17a8bad076bb4ec8cc0311d567b060f0bdc61d320a42439f76450518
- Size: 1.0MB
- Sample: 221128-w1pzbafc57
- MD5: e15db37eda24616234b26ce9a1ed5836
- SHA1: e4ae020cfe313e56c81c800dac771c496905b25d
- SHA256: f63c038c17a8bad076bb4ec8cc0311d567b060f0bdc61d320a42439f76450518
- SHA512: f18e4943fc0312e9572c7e80f5c3f57609679fcdf5ec4f50f2b83922889e9a3289a2a1837658a3380fc5ae57b9527868a5476447cc44d8bf60c6e295864ffc7a
- SSDEEP: 24576:CAEBPQhTP7cqfsntzS9LhDXEmc3lPvwebDwtM9:CAEeQ6StzkL4PvdMt
Static task
- static1

Behavioral task
- behavioral1
  - Sample: f63c038c17a8bad076bb4ec8cc0311d567b060f0bdc61d320a42439f76450518.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: f63c038c17a8bad076bb4ec8cc0311d567b060f0bdc61d320a42439f76450518.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: paymasterall@gmail.com
- Password: qwerty@12
Targets
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext