General
-
Target
NEW PURCHASE ORDER.exe
-
Size
577KB
-
Sample
210201-1mr51wzzs6
-
MD5
3080525809aefe707920c99cf4188b9a
-
SHA1
ca74f0622d9125aa89c563609ad562f82f1877c7
-
SHA256
5c490fcd927f87434dca860aa71947a31942bcabfed0adb27ab16a0fe1412fe1
-
SHA512
7abaf9d7002dbf437c991629d6cd876b69a0ee05f1fef586c3b8749cbededddc486524082c6065ad1260c0aa3c5976c2edeb9f8901dda19a1557bf0040c06eb5
Static task
static1
Behavioral task
behavioral1
Sample
NEW PURCHASE ORDER.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
NEW PURCHASE ORDER.exe
Resource
win10v20201028
Malware Config
Targets
Target
NEW PURCHASE ORDER.exe
Score
10/10
-
Snake Keylogger Payload
-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-