General
-
Target
85dfdff027127abd9af70e5478c4741fc868ff759ea65ec89beb4defc47f57db
-
Size
1.0MB
-
Sample
221128-w1sp7sfc62
-
MD5
f57badc10bac48c5b4ac8da6ecd297ea
-
SHA1
dbb74f81c2c2b2d735e42c6d65501cf72aad111b
-
SHA256
85dfdff027127abd9af70e5478c4741fc868ff759ea65ec89beb4defc47f57db
-
SHA512
7b1df820025aeac5d6034e499087823876c23a17beea460d3859b9035374ac4bdee76830c352965014d22a77cbfc6e9541e35e77fbd1e2eae9f166f11a2a8ab1
-
SSDEEP
24576:fnmDRWtd3k1v69CRYwDVyqFYfhPaRV+Qb1OwGT:fnmDSd3jqDAQMhSRV+Qb1Of
Static task
static1
Behavioral task
behavioral1
Sample
85dfdff027127abd9af70e5478c4741fc868ff759ea65ec89beb4defc47f57db.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
85dfdff027127abd9af70e5478c4741fc868ff759ea65ec89beb4defc47f57db.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: paymasterall@gmail.com
Password: qwerty@12
Targets
-
Target
85dfdff027127abd9af70e5478c4741fc868ff759ea65ec89beb4defc47f57db
-
Size
1.0MB
-
MD5
f57badc10bac48c5b4ac8da6ecd297ea
-
SHA1
dbb74f81c2c2b2d735e42c6d65501cf72aad111b
-
SHA256
85dfdff027127abd9af70e5478c4741fc868ff759ea65ec89beb4defc47f57db
-
SHA512
7b1df820025aeac5d6034e499087823876c23a17beea460d3859b9035374ac4bdee76830c352965014d22a77cbfc6e9541e35e77fbd1e2eae9f166f11a2a8ab1
-
SSDEEP
24576:fnmDRWtd3k1v69CRYwDVyqFYfhPaRV+Qb1OwGT:fnmDSd3jqDAQMhSRV+Qb1Of
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext