General
-
Target
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
-
Size
520KB
-
Sample
230710-ll3lrahf59
-
MD5
42975e59f70448efb621c1f9c4bca01b
-
SHA1
acd00215d93e8e81d32e10d0a88127da4133c1da
-
SHA256
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc
-
SHA512
312ef962115a65a13459702995c6b71363238658a4fe2bbf1075bc5333aff03eafdae83999a6789cff9ee1c3a0bcdcea1c37ad18629a60eef2ce21587440afcc
-
SSDEEP
6144:uuaqLk33bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9v:y33QtqB5urTIoYWBQk1E+VF9mOx9Vi
Static task
static1
Behavioral task
behavioral1
Sample
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.lucd.ru - Port:
21 - Username:
emma2221@lucd.ru - Password:
doll@@2020
Targets
-
-
Target
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
-
Size
520KB
-
MD5
42975e59f70448efb621c1f9c4bca01b
-
SHA1
acd00215d93e8e81d32e10d0a88127da4133c1da
-
SHA256
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc
-
SHA512
312ef962115a65a13459702995c6b71363238658a4fe2bbf1075bc5333aff03eafdae83999a6789cff9ee1c3a0bcdcea1c37ad18629a60eef2ce21587440afcc
-
SSDEEP
6144:uuaqLk33bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9v:y33QtqB5urTIoYWBQk1E+VF9mOx9Vi
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-