General
- Target: 5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3
- Size: 968KB
- Sample: 221130-p7enlaeh7y
- MD5: 2745ff290f911865a5451f5d726fefac
- SHA1: cebcf4314b61e6f3e13a960eb12d7075e0a0fe6d
- SHA256: 5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3
- SHA512: 0c8398652c620876f7622f9425b9dd3f218351aa65a34e96866c495462d28ec0f5ddd5f46ab2d512bbb6e4c9dd87164cf110f8eaa59a9cac873849cfdde0b6d2
- SSDEEP: 24576:K3T6pi2qOpLh79Hlb8UbRV938Aa5HYvDy2WZqdRjHnAIMtZ54Lr3rmyu9GW2f2nh:oIZ9Fb8UM5HYvDy2WZqdRjHnAIMtZ54C
Static task: static1
Behavioral task: behavioral1
- Sample: 5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: lamb.talk@yandex.com
- Password: SaviO123@@
Targets
- Target: 5b6610379c1f06cb89307502f9a5a481dc67622146f902345f60db0ca708adc3 (968KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext