General
- Target: 6eb693390a7833f1f88b6f75be8dca0d8728bbee60242650c214890c2b428e82
- Size: 729KB
- Sample: 221130-xgw4yshf7s
- MD5: fdf28592e605631c9ddb543858ccddaf
- SHA1: d57c3f36fa2f48ae26ba21e1e3d00a4ea8041531
- SHA256: 6eb693390a7833f1f88b6f75be8dca0d8728bbee60242650c214890c2b428e82
- SHA512: 21ba1a27ea158a4c278d0f50a9a9ff58e8bf6b0b3a07baa73fc74fd62d887873c54cef2bd74b279c842b628b88a0ff77c7a7f143f396084108ca494edac9c1ff
- SSDEEP: 12288:NTwZUC/WMY+PAJem5QCWpFRLQ4Zqe+q04iZtiQjOcfu5KQE:NOUX/eJm55KFRU4Zqer04iHjOcfu5DE
Static task: static1
Behavioral task: behavioral1
- Sample: 6eb693390a7833f1f88b6f75be8dca0d8728bbee60242650c214890c2b428e82.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.fast-cargo.com
- Port: 21
- Username: anita@fast-cargo.com
- Password: Heartbeat1
Targets
- Target: 6eb693390a7833f1f88b6f75be8dca0d8728bbee60242650c214890c2b428e82
- Size: 729KB
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext