General
-
Target
cf7d114d30088d872c11206ddae0e1ee32086dd509606f5e0fea223d3b315ce7
-
Size
944KB
-
Sample
221130-xv5cgsag71
-
MD5
6aa5ae685bf91b8450d84e7dd527e8b8
-
SHA1
afe8cd22cf0b043762299a86c58f68ccddc0377f
-
SHA256
cf7d114d30088d872c11206ddae0e1ee32086dd509606f5e0fea223d3b315ce7
-
SHA512
38764bf96250a773f261fdccfadbe3025f7a5fed82f5dd18ddfe166c1577f416be5a92fd273d75bb4c22faf9bfa4f3e634f26988911de284f85500a5bdfdca98
-
SSDEEP
12288:BRO9uDakllvBnlx1LIlVdyo7kVbfX+txL6ulyo0Ix+zFAbMv5uf5PVQ9qPVQ91fB:BRPuSZRCVd2pczlEu+zFc49h91f57
Static task
static1
Behavioral task
behavioral1
Sample
cf7d114d30088d872c11206ddae0e1ee32086dd509606f5e0fea223d3b315ce7.exe
Resource
win7-20220812-en
Malware Config
Extracted
Protocol
smtp
-
Host
smtp.yandex.com
-
Port
587
-
Username
lamb.talk@yandex.com
-
Password
SaviO123@@
Targets
-
Target
cf7d114d30088d872c11206ddae0e1ee32086dd509606f5e0fea223d3b315ce7
-
Size
944KB
-
MD5
6aa5ae685bf91b8450d84e7dd527e8b8
-
SHA1
afe8cd22cf0b043762299a86c58f68ccddc0377f
-
SHA256
cf7d114d30088d872c11206ddae0e1ee32086dd509606f5e0fea223d3b315ce7
-
SHA512
38764bf96250a773f261fdccfadbe3025f7a5fed82f5dd18ddfe166c1577f416be5a92fd273d75bb4c22faf9bfa4f3e634f26988911de284f85500a5bdfdca98
-
SSDEEP
12288:BRO9uDakllvBnlx1LIlVdyo7kVbfX+txL6ulyo0Ix+zFAbMv5uf5PVQ9qPVQ91fB:BRPuSZRCVd2pczlEu+zFc49h91f57
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-