General
-
Target
f377b662db76cfcf5509a41f8e09674c55bd71e251745e5ff5d1328a2c015986
-
Size
818KB
-
Sample
221130-vv6jfaad29
-
MD5
6062dc511ee11c084d877c618b6f637e
-
SHA1
e26c5ec4e5998664fdc76b53328edba1ae68dd9c
-
SHA256
f377b662db76cfcf5509a41f8e09674c55bd71e251745e5ff5d1328a2c015986
-
SHA512
9047075cbd1cd82e177daa56c187bc8b4a61a21c0c9cd13f2538e7630aef55a270a7852c063f4264dd6dcb73718f8a914eed05a0916404702107a5ce890b7cfd
-
SSDEEP
12288:R8zibupKhPNNIyREr8N4fl59u9CXBLBCi34bK:uWYwHyPl5HXBLCbK
Static task
static1
Behavioral task
behavioral1
Sample
f377b662db76cfcf5509a41f8e09674c55bd71e251745e5ff5d1328a2c015986.exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
kennedey.isaac@yandex.com - Password:
jozo2018
Targets
-
-
Target
f377b662db76cfcf5509a41f8e09674c55bd71e251745e5ff5d1328a2c015986
-
Size
818KB
-
MD5
6062dc511ee11c084d877c618b6f637e
-
SHA1
e26c5ec4e5998664fdc76b53328edba1ae68dd9c
-
SHA256
f377b662db76cfcf5509a41f8e09674c55bd71e251745e5ff5d1328a2c015986
-
SHA512
9047075cbd1cd82e177daa56c187bc8b4a61a21c0c9cd13f2538e7630aef55a270a7852c063f4264dd6dcb73718f8a914eed05a0916404702107a5ce890b7cfd
-
SSDEEP
12288:R8zibupKhPNNIyREr8N4fl59u9CXBLBCi34bK:uWYwHyPl5HXBLCbK
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-