General
-
Target
ccf4ce2564666ba8df8a49e07afdff479227f45674eebfa6a25d1078c2a81dc3
-
Size
1.0MB
-
Sample
221128-w1qwlsfc59
-
MD5
6fd8c6cf1f264fd18e2294e1ee953202
-
SHA1
c40018a9b45c970dce3ba0c277d2fe49b42b7965
-
SHA256
ccf4ce2564666ba8df8a49e07afdff479227f45674eebfa6a25d1078c2a81dc3
-
SHA512
9a98825e0f1ffd35238c42e89d467dd90cfe8d0ec149875dba721663b07cff47f9edb4bb0c4bab4888bd154643bfa6575a6b26d45366ec12c9df6d057519619c
-
SSDEEP
24576:tUdn+bXykbiGVxeMO/S93ZqrkL7OtgtaeHAzbLe:tMuH249oSpLpanv
Static task
static1
Behavioral task
behavioral1
Sample
ccf4ce2564666ba8df8a49e07afdff479227f45674eebfa6a25d1078c2a81dc3.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ccf4ce2564666ba8df8a49e07afdff479227f45674eebfa6a25d1078c2a81dc3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
vin2emeka@gmail.com - Password:
love14feb
Targets
-
-
Target
ccf4ce2564666ba8df8a49e07afdff479227f45674eebfa6a25d1078c2a81dc3
-
Size
1.0MB
-
MD5
6fd8c6cf1f264fd18e2294e1ee953202
-
SHA1
c40018a9b45c970dce3ba0c277d2fe49b42b7965
-
SHA256
ccf4ce2564666ba8df8a49e07afdff479227f45674eebfa6a25d1078c2a81dc3
-
SHA512
9a98825e0f1ffd35238c42e89d467dd90cfe8d0ec149875dba721663b07cff47f9edb4bb0c4bab4888bd154643bfa6575a6b26d45366ec12c9df6d057519619c
-
SSDEEP
24576:tUdn+bXykbiGVxeMO/S93ZqrkL7OtgtaeHAzbLe:tMuH249oSpLpanv
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-