General
Target: sdsd.exe
Size: 799KB
Sample: 250603-165zyaan3x
MD5: d060863cb7247a2be6c568cfd1373ee1
SHA1: 35f8073703ed2e3fdcbd9cf1997a02fe3c97ccfc
SHA256: 29e83a7059414c6c368353378cba95670e4dccd8e4c001dec41f2648abba8170
SHA512: 856a2ead2663c427f0a39ef070f68d8bf160baa4cfdaf536beecd42c73f94e85948e5222d9cc1f112720329bc6f709f77d916ef6166c166eabefa9b5577e43f3
SSDEEP: 12288:oHDuQtqB5urTIoYWBQk1E+VF9mOx9EiIs/7XmZmBvjV6UDWi:EuQtqBorTlYWBhE+V3mOs
Static task: static1
Behavioral task: behavioral1
  Sample: sdsd.exe
  Resource: win10ltsc2021-20250425-en
Behavioral task: behavioral2
  Sample: sdsd.exe
  Resource: win11-20250502-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: YourPassword
Targets
Target: sdsd.exe
Signatures
- Hawkeye family
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)