General

Target: 88ef067a0a075ea4f434a076be97b8dfab370ef43209bd6bb08c988b16c0bd3a
Size: 785KB
Sample: 221130-rv687acb2s
MD5: f3cae6ba2dd58e0afcc5b6fd206cd63d
SHA1: 76d86aaca1dc8caee70e444d735b5881e85dfc0e
SHA256: 88ef067a0a075ea4f434a076be97b8dfab370ef43209bd6bb08c988b16c0bd3a
SHA512: ec9bf646ec32644ada7d9c90250d8bb61de6cc39e98af71420f4167f53221e01c4a41f4b7f92318f29deeeabad29e49cbba93b4ebd41f5dc33db07ae21dfec77
SSDEEP: 12288:Ob7y8y0/L+aDYgR4HOuL8+I3/Rbt18ZnARSQcedvSAImNcLo9:8y8ygjhR4H3A+Kbgn6d6AtNcLo9
Static task: static1
Behavioral task: behavioral1
Sample: 88ef067a0a075ea4f434a076be97b8dfab370ef43209bd6bb08c988b16c0bd3a.exe
Resource: win7-20220812-en
Malware Config

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: lamb.talk@yandex.com
Password: SaviO123@@

These are the credentials the sample uses to authenticate to an attacker-controlled mailbox and send harvested data out over SMTP submission (port 587). The host and port are the network indicators to hunt for; the account itself is a candidate for an abuse report to the provider, since shutting it down cuts the exfiltration channel for every infection using this configuration.
Targets

Target: 88ef067a0a075ea4f434a076be97b8dfab370ef43209bd6bb08c988b16c0bd3a
Size: 785KB
MD5: f3cae6ba2dd58e0afcc5b6fd206cd63d
SHA1: 76d86aaca1dc8caee70e444d735b5881e85dfc0e
SHA256: 88ef067a0a075ea4f434a076be97b8dfab370ef43209bd6bb08c988b16c0bd3a
SHA512: ec9bf646ec32644ada7d9c90250d8bb61de6cc39e98af71420f4167f53221e01c4a41f4b7f92318f29deeeabad29e49cbba93b4ebd41f5dc33db07ae21dfec77
SSDEEP: 12288:Ob7y8y0/L+aDYgR4HOuL8+I3/Rbt18ZnARSQcedvSAImNcLo9:8y8ygjhR4H3A+Kbgn6d6AtNcLo9
Signatures

- NirSoft MailPassView: password recovery tool for various email clients; bundled here to harvest saved mail-client credentials.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers; bundled here to harvest saved browser credentials.
- Nirsoft
- Uses the VBS compiler for execution: refers to vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework. A compiler has no reason to run as part of a normal user workload, and together with the SetThreadContext signature below this points to it serving as the host process for injected code.
- Accesses Microsoft Outlook accounts: reads stored Outlook account configuration, a credential-harvesting indicator consistent with the NirSoft-based recovery above.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The lookup itself is benign traffic, so it is only useful as a detection when correlated with the process that made it.
- Suspicious use of SetThreadContext: setting another thread's context is the step in process hollowing and related injection techniques that redirects a suspended process's execution to injected code.
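The checks a practitioner would want from this report, as an added example that is not part of the sandbox output: confirm a file in hand really is this sample by comparing all four digests, and run the extracted SMTP endpoint plus the "VBS compiler" and external-IP-lookup signatures over network telemetry to separate the report's behaviour chain (a .NET build tool opening sockets to the exfil host) from a legitimate mail client that happens to use the same provider. The Sysmon-style `Key=Value|Key=Value` event format, the sample events, the set of IP-lookup hostnames and the list of binaries that should never make network connections are all assumptions chosen for illustration; the hashes and the SMTP host/port are the report's.

```python
"""Triage helper built from the sandbox report above.

Added example, not part of the report: the event format, the sample events,
IP_LOOKUP_HOSTS and NO_NETWORK_EXPECTED are assumptions chosen for
illustration. The hashes and the SMTP endpoint are copied from the report.
"""
import hashlib
from dataclasses import dataclass

# Hashes copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "f3cae6ba2dd58e0afcc5b6fd206cd63d",
    "sha1": "76d86aaca1dc8caee70e444d735b5881e85dfc0e",
    "sha256": "88ef067a0a075ea4f434a076be97b8dfab370ef43209bd6bb08c988b16c0bd3a",
    "sha512": "ec9bf646ec32644ada7d9c90250d8bb61de6cc39e98af71420f4167f53221e01"
              "c4a41f4b7f92318f29deeeabad29e49cbba93b4ebd41f5dc33db07ae21dfec77",
}

# Exfiltration endpoint from the report's "Malware Config" section.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Assumption: common IP-lookup services; the report does not say which one
# the sample queried.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# Assumption: .NET build tools that have no business opening sockets.
# vbc.exe is the compiler the report says the sample runs under.
NO_NETWORK_EXPECTED = {"vbc.exe", "csc.exe", "regasm.exe", "regsvcs.exe", "msbuild.exe"}


def verify_sample(data: bytes) -> dict:
    """Compare a file's digests against every hash in the report.

    All four should agree; a partial match points at a transcription error
    in one of the report values rather than at a different file.
    """
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


@dataclass
class NetEvent:
    image: str       # basename of the connecting process, lower-cased
    dest_host: str   # destination hostname, lower-cased
    dest_port: int


def parse_event(line: str) -> NetEvent:
    """Parse one constructed 'Key=Value|Key=Value' network event line."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    image = fields["Image"].rsplit("\\", 1)[-1].lower()
    return NetEvent(image, fields["DestinationHostname"].lower(),
                    int(fields["DestinationPort"]))


def classify(ev: NetEvent) -> list:
    """Map one event to the report signatures it matches."""
    hits = []
    if ev.dest_host == EXFIL_HOST and ev.dest_port == EXFIL_PORT:
        hits.append("smtp-exfil-endpoint")
    if ev.dest_host in IP_LOOKUP_HOSTS:
        hits.append("external-ip-lookup")
    if ev.image in NO_NETWORK_EXPECTED:
        hits.append("compiler-host-network")
    return hits


def severity(hits: list) -> str:
    """A build tool reaching the exfil host or an IP-lookup service is the
    report's behaviour chain; the same destination from a mail client is only
    a pivot point, since legitimate users also send through smtp.yandex.com."""
    if "compiler-host-network" in hits and len(hits) > 1:
        return "high"
    return "medium" if hits else "none"


def triage(lines) -> list:
    """Return (image, hits, severity) for every event that matched something."""
    results = []
    for line in lines:
        ev = parse_event(line)
        hits = classify(ev)
        if hits:
            results.append((ev.image, hits, severity(hits)))
    return results


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r"Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe|DestinationHostname=smtp.yandex.com|DestinationPort=587",
    r"Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe|DestinationHostname=api.ipify.org|DestinationPort=443",
    r"Image=C:\Program Files\Mozilla Thunderbird\thunderbird.exe|DestinationHostname=smtp.yandex.com|DestinationPort=587",
    r"Image=C:\Program Files\Google\Chrome\Application\chrome.exe|DestinationHostname=www.example.com|DestinationPort=443",
]

if __name__ == "__main__":
    for image, hits, sev in triage(SAMPLE_EVENTS):
        print(f"{sev:6} {image:16} {', '.join(hits)}")
    print(verify_sample(b"not the sample"))
```

The severity split is deliberate: blocking `smtp.yandex.com:587` outright would break legitimate mail users, so the rule keys on the connecting image and reserves "high" for the compiler-as-host pattern the report describes. Feed `verify_sample` the bytes of any file you believe is this sample before trusting the rest of the report against it.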