General
-
Target
68ec85110d9754a5ddfe8a60cb62995da0b6ba33dc5c7519b006446ffa50b0aa
-
Size
292KB
-
Sample
240417-p6jk6ahf5x
-
MD5
2e61eaad8d78873ecc4e91563ae87cc3
-
SHA1
bc7162b761ac8a73283be3adcb179bc56d00b0ae
-
SHA256
68ec85110d9754a5ddfe8a60cb62995da0b6ba33dc5c7519b006446ffa50b0aa
-
SHA512
80bcb5fdce67d5be643cb15497cf4e98824af002ca96f017c3e02efbe07d79cb8b831273af779dc67da354dab62a1f9d4cb1749c344675c9b979ae209b5e2598
-
SSDEEP
6144:gWEdhdmo0HtOEBNPsF/lG3tkR/lP+HmOOFJyFAkRJM0BT7YOm:gNd6o0NOEBBw/lktkxOl00+Om
Static task
static1
Behavioral task
behavioral1
Sample
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.lucd.ru - Port:
21 - Username:
[email protected] - Password:
doll@@2020
Targets
-
-
Target
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc.exe
-
Size
520KB
-
MD5
42975e59f70448efb621c1f9c4bca01b
-
SHA1
acd00215d93e8e81d32e10d0a88127da4133c1da
-
SHA256
746d8f96f8153a4e45bb998ec885c82ffa1b4aaa18eb1381db2a2ed851e876cc
-
SHA512
312ef962115a65a13459702995c6b71363238658a4fe2bbf1075bc5333aff03eafdae83999a6789cff9ee1c3a0bcdcea1c37ad18629a60eef2ce21587440afcc
-
SSDEEP
6144:uuaqLk33bS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9v:y33QtqB5urTIoYWBQk1E+VF9mOx9Vi
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-