General

Target: b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda
Size: 733KB
Sample: 221128-w2ff9sbd5x
MD5: 8d372279da02e0a9ff014bc1946d6fa6
SHA1: 568a984793509cdbe947d4069f8a13a783a58105
SHA256: b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda
SHA512: 465753cadeb8367e4d149ef4691e20f84096d7ae1c1a919be1e285ce4ef82dfa5fb214ca9b3c3b5b44c935d60c0d904c8b2fc882b57b4613b232510e6566234a
SSDEEP: 12288:l0BwMz4oOlNe4r/L3VTHfVHBbdv9Qu3dfp2udF39E1uq6MS43w/szenK41Saa2k:d7LVHDbdviCfnTN3qpS4mkeK4S
Static task: static1

Behavioral task: behavioral1
Sample: b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
Resource: win10v2004-20220901-en
Malware Config (extracted)

Protocol: smtp
Host: smtp.mail.com
Port: 587
Username: vladirputs@mail.com
Password: Ohiomoje129
Targets

Target: b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda
Size: 733KB
MD5: 8d372279da02e0a9ff014bc1946d6fa6
SHA1: 568a984793509cdbe947d4069f8a13a783a58105
SHA256: b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda
SHA512: 465753cadeb8367e4d149ef4691e20f84096d7ae1c1a919be1e285ce4ef82dfa5fb214ca9b3c3b5b44c935d60c0d904c8b2fc882b57b4613b232510e6566234a
SSDEEP: 12288:l0BwMz4oOlNe4r/L3VTHfVHBbdv9Qu3dfp2udF39E1uq6MS43w/szenK41Saa2k:d7LVHDbdviCfnTN3qpS4mkeK4S

Signatures

NirSoft MailPassView: password recovery tool for various email clients.
NirSoft WebBrowserPassView: password recovery tool for various web browsers.
Nirsoft
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Adds Run key to start application
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext