General
-
Target
bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce
-
Size
1.0MB
-
Sample
221128-xv7slsdh61
-
MD5
3e42e46cb2bba71265a1d364e7e65379
-
SHA1
33c51a13d8a799bb939c2f0285d77e27585bc4b2
-
SHA256
bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce
-
SHA512
e5aef8514fe94b966db5e878b354c201da6ee747c1d717e422e891bd6292d27e072fe889e45ab5d6d97c9142c9636d64b8424a1da03334ff6efbfe8676e931d7
-
SSDEEP
24576:+Ne+ND84B1OCtvrbsCaANGPLvRYMc/d8E9AikP:2e+No4BDvc7dYMchtk
Static task
static1
Behavioral task
behavioral1
Sample
bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
theresultbox77@gmail.com - Password:
drlwjrdttnageixp
Targets
-
-
Target
bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce
-
Size
1.0MB
-
MD5
3e42e46cb2bba71265a1d364e7e65379
-
SHA1
33c51a13d8a799bb939c2f0285d77e27585bc4b2
-
SHA256
bdd92a57e118e1096dadca53feb929fb023f24eb4d8fbcefd6e8d0752ddfb8ce
-
SHA512
e5aef8514fe94b966db5e878b354c201da6ee747c1d717e422e891bd6292d27e072fe889e45ab5d6d97c9142c9636d64b8424a1da03334ff6efbfe8676e931d7
-
SSDEEP
24576:+Ne+ND84B1OCtvrbsCaANGPLvRYMc/d8E9AikP:2e+No4BDvc7dYMchtk
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-