General
-
Target
af41b9ac95c32686ba1ef373929b54f49088e5c4f295fe828b43b32b5160aa78
-
Size
898KB
-
Sample
240725-1dm9eswcmp
-
MD5
c02798b26bdaf8e27c1c48ef5de4b2c3
-
SHA1
bc59ab8827e13d1a9a1892eb4da9cf2d7d62a615
-
SHA256
af41b9ac95c32686ba1ef373929b54f49088e5c4f295fe828b43b32b5160aa78
-
SHA512
b541aeedcc4db6f8e0db0788f2791339476a863c15efc72aef3db916fc7c8ab41d84c0546c05b675be4d7700c4f986dbae5e2858d60ecd44b4ffbcae2065cfc4
-
SSDEEP
24576:juDXTIGaPhEYzUzA0aouDXTIGaPhEYzUzA0br:KDjlabwz9MDjlabwz93
Score
10/10
Malware Config
Extracted
Credentials
Protocol: smtp- Host:
smtp.ll.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
tom1209
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontiernet.net - Port:
587 - Username:
[email protected] - Password:
#40grandma
Extracted
Credentials
Protocol: smtp- Host:
smtp.ag.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
southpark
Extracted
Credentials
Protocol: smtp- Host:
smtp.af.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
0310ti
Extracted
Credentials
Protocol: smtp- Host:
smtp.nifty.com - Port:
587 - Username:
[email protected] - Password:
mitsutec
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontiernet.net - Port:
587 - Username:
[email protected] - Password:
necros
Extracted
Credentials
Protocol: smtp- Host:
ma.medias.ne.jp - Port:
587 - Username:
[email protected] - Password:
422406
Extracted
Credentials
Protocol: smtp- Host:
smtp.netzero.net - Port:
587 - Username:
[email protected] - Password:
tahiti3738
Extracted
Credentials
Protocol: smtp- Host:
smtp.srpadvocacia.com - Port:
587 - Username:
[email protected] - Password:
adv1082020
Extracted
Credentials
Protocol: smtp- Host:
smtp.foxvalley.net - Port:
587 - Username:
[email protected] - Password:
Stude38
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
bornin58
Extracted
Credentials
Protocol: smtp- Host:
smtp.netzero.com - Port:
587 - Username:
[email protected] - Password:
zoarvalley08
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
0310ti
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
drake97
Extracted
Credentials
Protocol: smtp- Host:
smtp.rmilani.com.br - Port:
587 - Username:
[email protected] - Password:
milani
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Lucylu12@
Extracted
Credentials
Protocol: smtp- Host:
mail.wxmail.xyz - Port:
587 - Username:
[email protected] - Password:
Iiy4t3NJSb1.0
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
gravel1@
Extracted
Credentials
Protocol: smtp- Host:
smtp.ab.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
yuto0920
Extracted
Credentials
Protocol: smtp- Host:
smtp.pp.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
vj3ehsjp
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Blood_line123@
Extracted
Credentials
Protocol: smtp- Host:
mail.eastcom.ne.jp - Port:
587 - Username:
[email protected] - Password:
shirokun
Extracted
Credentials
Protocol: smtp- Host:
smtp.foxvalley.net - Port:
587 - Username:
[email protected] - Password:
Gaj12783
Extracted
Credentials
Protocol: smtp- Host:
smtp.pp.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
igirisu0617
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
marissa1@
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
1499blitz@
Extracted
Credentials
Protocol: smtp- Host:
mx2.flekssitoffice.com - Port:
587 - Username:
[email protected] - Password:
vGs$9388
Extracted
Credentials
Protocol: smtp- Host:
mail.99main.com - Port:
587 - Username:
[email protected] - Password:
ling97
Extracted
Credentials
Protocol: smtp- Host:
smtp.aa.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
kmn3tm73
Extracted
Credentials
Protocol: smtp- Host:
smtp.ct.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
1316jtxx
Extracted
Credentials
Protocol: smtp- Host:
ab.thn.ne.jp - Port:
587 - Username:
[email protected] - Password:
0lsiqa7w
Extracted
Credentials
Protocol: smtp- Host:
smtp.ct.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
423853544
Extracted
Credentials
Protocol: smtp- Host:
smtp.citlink.net - Port:
587 - Username:
[email protected] - Password:
Hmfogtliwt2@
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Medion11@
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
236898@@
Extracted
Credentials
Protocol: smtp- Host:
smtp.az.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
hh5126
Extracted
Credentials
Protocol: smtp- Host:
techpilelko.in - Port:
587 - Username:
[email protected] - Password:
mashish@760
Extracted
Credentials
Protocol: smtp- Host:
smtp.netzero.net - Port:
587 - Username:
[email protected] - Password:
kudo1856
Extracted
Credentials
Protocol: smtp- Host:
smtp.nifty.ne.jp - Port:
587 - Username:
[email protected] - Password:
katsugoro00
Extracted
Credentials
Protocol: smtp- Host:
smtp.af.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
hh5126
Extracted
Credentials
Protocol: smtp- Host:
smtp.elettro-service.com - Port:
587 - Username:
[email protected] - Password:
*Lara1970*
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Skeeter1@
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Orphan@
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Frontier1
Extracted
Credentials
Protocol: smtp- Host:
smtp.nn.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
mongoose
Extracted
Credentials
Protocol: smtp- Host:
smtp.coqui.net - Port:
587 - Username:
[email protected] - Password:
EDGARDVG
Extracted
Credentials
Protocol: smtp- Host:
smtp.nn.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
yuto0920
Extracted
Credentials
Protocol: smtp- Host:
smtp.nn.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
rhne7psb
Extracted
Credentials
Protocol: smtp- Host:
smtp.nn.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
hiroki1150
Extracted
Credentials
Protocol: smtp- Host:
smtp.phoenix-rto.it - Port:
587 - Username:
[email protected] - Password:
Mplacentino#1
Extracted
Credentials
Protocol: smtp- Host:
mail.kaluwonuea.go.th - Port:
587 - Username:
[email protected] - Password:
73511023
Extracted
Credentials
Protocol: smtp- Host:
smtp.nn.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
0310ti
Extracted
Credentials
Protocol: smtp- Host:
mail.mariola.com - Port:
587 - Username:
[email protected] - Password:
9600casa
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
197377
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Squidney1@
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
escu7Dete!
Extracted
Credentials
Protocol: smtp- Host:
smtp.jcom.home.ne.jp - Port:
587 - Username:
[email protected]
Extracted
Credentials
Protocol: smtp- Host:
patientconnections.co.uk - Port:
587 - Username:
[email protected] - Password:
x5856h4v
Extracted
Credentials
Protocol: smtp- Host:
mail.resonance.ac.in - Port:
587 - Username:
[email protected]
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
password
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
Gidget#1@
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
igirisu0617
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
mongoose
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
1962Kindan@
Extracted
Credentials
Protocol: smtp- Host:
smtp.ax.em-net.ne.jp - Port:
587 - Username:
[email protected] - Password:
shizu1216
Extracted
Credentials
Protocol: smtp- Host:
tx.thn.ne.jp - Port:
587 - Username:
[email protected] - Password:
xrw3eucq
Extracted
Credentials
Protocol: smtp- Host:
smtp.frontier.com - Port:
587 - Username:
[email protected] - Password:
3stooges
Extracted
Credentials
Protocol: smtp- Host:
smtp.an.em-net.ne.jp - Port:
587 - Username:
[email protected]
Extracted
Credentials
Protocol: smtp- Host:
smtp.an.em-net.ne.jp - Port:
587 - Username:
[email protected]
Targets
-
-
Target
af41b9ac95c32686ba1ef373929b54f49088e5c4f295fe828b43b32b5160aa78
-
Size
898KB
-
MD5
c02798b26bdaf8e27c1c48ef5de4b2c3
-
SHA1
bc59ab8827e13d1a9a1892eb4da9cf2d7d62a615
-
SHA256
af41b9ac95c32686ba1ef373929b54f49088e5c4f295fe828b43b32b5160aa78
-
SHA512
b541aeedcc4db6f8e0db0788f2791339476a863c15efc72aef3db916fc7c8ab41d84c0546c05b675be4d7700c4f986dbae5e2858d60ecd44b4ffbcae2065cfc4
-
SSDEEP
24576:juDXTIGaPhEYzUzA0aouDXTIGaPhEYzUzA0br:KDjlabwz9MDjlabwz93
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-