General

Target: PROFORMA INVOICE.zip
Size: 13KB
Sample: 210226-pl45kvymes
MD5: e8ebb6aa34f433dd1e599805585ab1ac
SHA1: 588b5cdf3cf77b3279a91619a5210c2db94dfa49
SHA256: bf627f5a302ee1d209cdf256611c9086d2fc87b5ba42cd20704ba90d64555d2a
SHA512: db957f6cfa5ca1e4421ff10855fb94f2967fc9a572a881588beb0a1b9c48d3fb5a4e899378f19294aad223d01868d627bb148fd0329518b3198ac2538e0c8fd3
Static task: static1

Behavioral task: behavioral1
Sample: PROFORMA INVOICE.scr
Resource: win7v20201028

Behavioral task: behavioral2
Sample: PROFORMA INVOICE.scr
Resource: win10v20201028
Malware Config
(none listed)

Targets

PROFORMA INVOICE.scr is the Windows screensaver executable (a PE file) carried inside the submitted archive; both behavioral tasks ran this file, not the zip.

Target: PROFORMA INVOICE.scr
Size: 22KB
MD5: 4480e5c41df955746e6b762828e64ddb
SHA1: 75fd2876572e72da98a99065152c338f935d722f
SHA256: 98bba6280dc438b35e3d0a4f468d1e50dd44bdafdd3e8c396a6dacf6be50fd71
SHA512: 92db76915c468ab2e3a1185b3ee5a0d8849bfb623e5bfdf0fa128a002b16e768097b9440c905a4cb38b70aee9b36c21ce2db57f150f93fc5845ff5f667957a41
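The first thing a responder does with a report like this is confirm whether a file on hand is the same artifact. The following is an added example, not part of the sandbox report or its tooling: it hashes a submitted archive and each of its members in memory (never extracting a .scr to disk, where it could be run) and matches the digests against the two SHA256 indicators listed above. Only those two hashes come from the report; the archive produced by build_demo_zip() is constructed here so the script runs offline and is not the real sample.

```python
"""Hash a submitted archive and its members and match the digests against
the indicators in the report above.

Added example, not part of the sandbox report or its tooling. Only the SHA256
values in IOCS come from the report; the archive that build_demo_zip() returns
is a constructed stand-in, not the real sample.
"""
import hashlib
import io
import zipfile
from typing import Dict, List, Optional

# SHA256 indicators copied from the report: the container and the payload it carries.
IOCS: Dict[str, str] = {
    "bf627f5a302ee1d209cdf256611c9086d2fc87b5ba42cd20704ba90d64555d2a": "PROFORMA INVOICE.zip (container)",
    "98bba6280dc438b35e3d0a4f468d1e50dd44bdafdd3e8c396a6dacf6be50fd71": "PROFORMA INVOICE.scr (Snake Keylogger payload)",
}

HASHES = ("md5", "sha1", "sha256", "sha512")  # the four digests the report lists
MAX_MEMBER_BYTES = 50 * 1024 * 1024           # refuse to inflate decompression bombs
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return the four hex digests the report lists for a blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASHES}


def match_ioc(digests: Dict[str, str]) -> Optional[str]:
    """Return the report's label if the SHA256 is a listed indicator, else None."""
    return IOCS.get(digests["sha256"].lower())


def triage_zip(data: bytes) -> List[dict]:
    """Hash the container and every member without writing anything to disk.

    Each finding records the digest, an IOC match if any, whether the name
    carries an executable extension, and whether the bytes start with the
    'MZ' PE header (a .scr is a PE, so both should agree for a real payload).
    """
    findings = []
    container = hash_bytes(data)
    findings.append({"name": "<container>", "size": len(data), "sha256": container["sha256"],
                     "ioc": match_ioc(container), "executable_ext": False,
                     "pe_header": data[:2] == b"MZ"})
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append({"name": info.filename, "size": info.file_size, "sha256": None,
                                 "ioc": None, "executable_ext": False, "pe_header": None,
                                 "skipped": "too large"})
                continue
            member = zf.read(info)
            digests = hash_bytes(member)
            findings.append({"name": info.filename, "size": len(member), "sha256": digests["sha256"],
                             "ioc": match_ioc(digests),
                             "executable_ext": info.filename.lower().endswith(EXECUTABLE_EXTS),
                             "pe_header": member[:2] == b"MZ"})
    return findings


def build_demo_zip() -> bytes:
    """Constructed stand-in for the submission: a zip carrying a tiny fake .scr
    whose bytes are only an MZ stub (not the real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PROFORMA INVOICE.scr", b"MZ" + b"\x00" * 62 + b"constructed placeholder, not a real PE")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_demo_zip()):
        flag = f["ioc"] or ("executable member" if f["executable_ext"] else "")
        print(f'{f["name"]:<24} {f["size"]:>8} {f["sha256"]}  {flag}')
```

Against the real submission the container line would match the first indicator and the member line the second; on the constructed zip neither matches, but the member is still surfaced because it is an executable extension carrying a PE header, which is the check that should fire on an "invoice" regardless of whether its hash is already known.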
Score: 10/10

- Snake Keylogger Payload
- Turns off Windows Defender SpyNet reporting
  Disables Defender's cloud (MAPS/SpyNet) reporting, typically by setting the SpyNetReporting value under the Windows Defender\SpyNet registry key to 0.
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Anti-debugging: NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops debug events from the calling thread reaching an attached debugger.
- Suspicious use of SetThreadContext
  Rewriting another thread's register context is a common step in process injection and hollowing, usually after a child process has been created suspended.
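The behavioural signatures above are what a sandbox derives from the sample's API trace. As an added example (not the sandbox's own signature code) the block below implements detection logic for four of them and runs it over a constructed trace: one JSON object per line carrying the calling pid, the API name and its arguments, which is an assumed format. Every event in SAMPLE_TRACE is made up for the demonstration, the IP_LOOKUP_HOSTS set is an assumption (the report does not say which lookup service the sample used), and the SpyNet registry value names are the standard Defender ones rather than something the report states.

```python
"""Detection logic for the behavioural signatures listed in the report, run
over a constructed API-call trace.

Added example, not the sandbox's own signature implementation. The trace
format (one JSON object per line: pid, api, args) and every event in
SAMPLE_TRACE are constructed. IP_LOOKUP_HOSTS is an assumption: the report
does not name the lookup service the sample used.
"""
import json
from typing import Dict, List, Tuple
from urllib.parse import urlparse

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

# Assumed set of legitimate external-IP services (not taken from the report).
IP_LOOKUP_HOSTS = {"checkip.amazonaws.com", "api.ipify.org", "icanhazip.com",
                   "ip-api.com", "checkip.dyndns.org"}

# Defender MAPS/SpyNet values under ...\Windows Defender\SpyNet:
# SpyNetReporting = 0 disables reporting, SubmitSamplesConsent = 2 never submits samples.
SPYNET_DISABLE_VALUES = {"spynetreporting": 0, "submitsamplesconsent": 2}

# Constructed trace: pid 1000 hides a thread from the debugger, disables SpyNet
# reporting, creates notepad.exe suspended (flags = 4 = CREATE_SUSPENDED) and
# overwrites its primary thread's context; the child then asks for its external IP.
SAMPLE_TRACE = r"""
{"pid": 1000, "api": "CreateFileW", "args": {"path": "C:\\Users\\victim\\AppData\\Local\\Temp\\x.tmp"}}
{"pid": 1000, "api": "NtSetInformationThread", "args": {"tid": 1001, "class": 17}}
{"pid": 1000, "api": "RegSetValueExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\SpyNet", "value": "SpyNetReporting", "data": 0}}
{"pid": 1000, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\System32\\notepad.exe", "flags": 4, "child_pid": 2000, "child_tid": 2001}}
{"pid": 1000, "api": "SetThreadContext", "args": {"tid": 2001}}
{"pid": 2000, "api": "InternetOpenUrlW", "args": {"url": "http://checkip.amazonaws.com/"}}
""".strip()

Signature = Tuple[str, int]  # (signature name as the report lists it, offending pid)


def parse_trace(text: str) -> List[dict]:
    """One JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: List[dict]) -> List[Signature]:
    """Return the sorted set of (signature, pid) hits for a trace."""
    hits = set()
    thread_owner: Dict[int, int] = {}  # tid -> pid, learned from CreateProcess events
    for ev in events:
        pid, api, a = ev["pid"], ev["api"], ev.get("args", {})
        if api in ("CreateProcessW", "CreateProcessA"):
            thread_owner[a["child_tid"]] = a["child_pid"]
        elif api == "NtSetInformationThread" and a.get("class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add(("Suspicious use of NtSetInformationThreadHideFromDebugger", pid))
        elif api == "SetThreadContext":
            # Writing a context into a thread owned by another process is the
            # injection/hollowing pattern; a process adjusting its own threads
            # is ordinary and not flagged.
            if thread_owner.get(a.get("tid"), pid) != pid:
                hits.add(("Suspicious use of SetThreadContext", pid))
        elif api.startswith("RegSetValue"):
            key = a.get("key", "").lower()
            expected = SPYNET_DISABLE_VALUES.get(a.get("value", "").lower())
            if key.endswith("\\spynet") and expected is not None and a.get("data") == expected:
                hits.add(("Turns off Windows Defender SpyNet reporting", pid))
        elif api.startswith("InternetOpenUrl"):
            host = (urlparse(a.get("url", "")).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add(("Looks up external IP address via web service", pid))
    return sorted(hits)


if __name__ == "__main__":
    for name, pid in detect(parse_trace(SAMPLE_TRACE)):
        print(f"pid {pid}: {name}")
```

The SetThreadContext rule deliberately keys on thread ownership rather than on the API alone: SetThreadContext has legitimate uses inside a process, and the hit the report describes is the cross-process case, which here is also preceded by a CreateProcess with CREATE_SUSPENDED. The IP-lookup rule is the weakest of the four, since the hosts are benign services; in the report it is one signal among several, not a verdict on its own.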