General
- Target: 26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
- Size: 1005KB
- Sample: 221128-wlq8tsaa8s
- MD5: ba11d47be9d8609d31c1e71c839ccfef
- SHA1: 5829d66ab0ac2b626c826a7656aaca439eeed2f7
- SHA256: 26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
- SHA512: 8cc56f8a491fd0cb07a803f9ee1ba07c8ab3fde814decb3f5c53096ac3a47362b5ddab2caad787ac215d13d095ef6dc3df8e4196ee98cba51d69a34c7fe75693
- SSDEEP: 24576:ajr1UHd4dk8XzoE7vOFH91VYyNEJ96HJPi8UnQsWqSfz3:Ir3d2GvOh9gYEJ0Vi8UnSfz
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: 26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.mail.ru
- Port: 587
- Username: davidchua@mail.ru
- Password: riches123
Targets
- Target: 26208c834b6cf1ceaafe62ff1398b479db24e2dd92c0e61e38b05f90fbc34749
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext