General
Target: DHL SHIPMENT DOCUMENT.ISO
Size: 1.2MB
Sample: 210226-rc7vjtqk46
MD5: e891b09f087b44e279c3b61a76f1a34d
SHA1: dc775320aec7dedf62b7e2eacaaeecc2284f65aa
SHA256: 1c4cf21b68089a3ec3d33ef7580c3f4d3d0b492ab495c16477330a4abffaf282
SHA512: 8bac798930566919440050a7083ae6c298accc25c8b1a024e9c1b31dc4fee1fe632687dcd2e06feca14e2fd3dd469db8ce975b75ebd09cf5d2f7dda1d5f84586
Static task
static1

Behavioral task
behavioral1
Sample: DHL_SHIP.EXE
Resource: win7v20201028

Behavioral task
behavioral2
Sample: DHL_SHIP.EXE
Resource: win10v20201028
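The hashes above are the indicators a responder would sweep a host or file share for. The following is an added example, not part of the sandbox report: it hashes every file under a directory and reports only files whose MD5, SHA1 and SHA256 all match one of the report's entries, so a single-algorithm collision is not enough to produce a hit. The directory layout and file contents in the usage are assumptions.

```python
"""Sweep a directory tree for the two artefacts listed in the report.
Added example; only the hash values are taken from the report."""
import hashlib
from pathlib import Path

# MD5/SHA1/SHA256 copied from the report's General and Targets sections.
IOC_HASHES = {
    "DHL SHIPMENT DOCUMENT.ISO": {
        "md5": "e891b09f087b44e279c3b61a76f1a34d",
        "sha1": "dc775320aec7dedf62b7e2eacaaeecc2284f65aa",
        "sha256": "1c4cf21b68089a3ec3d33ef7580c3f4d3d0b492ab495c16477330a4abffaf282",
    },
    "DHL_SHIP.EXE": {
        "md5": "9121604701673e2840cd3a8fb4d5672b",
        "sha1": "428874c8045f5bef784b6139be6020b8c5e8439e",
        "sha256": "0f2248b251c06a4670cc3708f230beb695f536d2aa9f3d6a88e627635fa54c6a",
    },
}
ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict[str, str]:
    """Digest an in-memory buffer with every algorithm the IOC set uses."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digests_of_file(path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Digest a file in one pass, feeding each chunk to all hashers."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(file_digests: dict[str, str]) -> list[str]:
    """Names of IOC entries whose listed digests ALL equal the file's.

    Requiring every algorithm to agree means a crafted MD5 collision
    cannot on its own be reported as the malicious sample."""
    return [
        name for name, wanted in IOC_HASHES.items()
        if all(file_digests.get(alg) == value for alg, value in wanted.items())
    ]


def sweep(root) -> dict[str, list[str]]:
    """Map each file path under root to the IOC names it matches."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_iocs(digests_of_file(path))
            if matched:
                hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    import sys
    # Assumed invocation: python sweep.py <directory>
    for file_path, names in sweep(sys.argv[1]).items():
        print(f"{file_path}: {', '.join(names)}")
```

Run it against a quarantine folder or a mail-attachment store; a hit prints the path and which report entry it matched. The SHA512 values from the report are omitted only to keep the sweep fast, since SHA256 agreement already identifies the file.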
Malware Config

Targets
Target: DHL_SHIP.EXE (the executable run in the behavioral tasks)
Size: 20KB
MD5: 9121604701673e2840cd3a8fb4d5672b
SHA1: 428874c8045f5bef784b6139be6020b8c5e8439e
SHA256: 0f2248b251c06a4670cc3708f230beb695f536d2aa9f3d6a88e627635fa54c6a
SHA512: 36ce6182b5ab6607fb06f7f0654ddf3c85d8ba32f7a4c1f6417727adc3b864ee76408865447d5dd0102533971687124e63197f27f61d67878f2a3c1bd289e85b
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
  Writes a value under the Windows CurrentVersion\Run registry key so the executable is launched again at each logon (persistence).
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger class stops the thread from delivering debug events, a common anti-debugging trick.
- Suspicious use of SetThreadContext
  Rewriting another thread's register context is characteristic of code-injection techniques such as process hollowing.
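The signatures above describe host behaviour that endpoint telemetry can catch without knowing the file hash. The following is an added example, not part of the sandbox report or of any vendor product: it runs one rule per signature over a small set of constructed JSON-lines events and flags an image only when several independent behaviours come from the same process, so a legitimate FileZilla reading its own configuration scores one hit and is not reported. The telemetry format, the process paths and the set of IP-lookup domains are assumptions; the report does not name which lookup service the sample used.

```python
"""Match constructed endpoint telemetry against the behaviours the report
flags for DHL_SHIP.EXE. Added example; every record below is made up."""
import json
import re
from collections import defaultdict

# Constructed telemetry in a hypothetical JSON-lines format (not from the
# report): one record per event with "type", "image" and "target" fields.
SAMPLE_TELEMETRY = r"""
{"type": "registry_set", "image": "C:\\Users\\u\\AppData\\Roaming\\DHL_SHIP.EXE", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\DHL_SHIP"}
{"type": "file_read", "image": "C:\\Users\\u\\AppData\\Roaming\\DHL_SHIP.EXE", "target": "C:\\Users\\u\\AppData\\Roaming\\FileZilla\\recentservers.xml"}
{"type": "file_read", "image": "C:\\Users\\u\\AppData\\Roaming\\DHL_SHIP.EXE", "target": "C:\\Users\\u\\AppData\\Roaming\\Thunderbird\\Profiles\\abcd1234.default\\logins.json"}
{"type": "file_read", "image": "C:\\Users\\u\\AppData\\Roaming\\DHL_SHIP.EXE", "target": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"type": "dns_query", "image": "C:\\Users\\u\\AppData\\Roaming\\DHL_SHIP.EXE", "target": "checkip.dyndns.org"}
{"type": "file_read", "image": "C:\\Program Files\\FileZilla FTP Client\\filezilla.exe", "target": "C:\\Users\\u\\AppData\\Roaming\\FileZilla\\sitemanager.xml"}
{"type": "dns_query", "image": "C:\\Windows\\System32\\svchost.exe", "target": "ctldl.windowsupdate.com"}
"""

# One rule per report signature: (event type, pattern searched in target).
# The file paths are the real storage locations of these programs; the
# IP-lookup domain list is an assumption (the report names no service).
RULES = {
    "ftp_client_data": ("file_read",
        re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    "email_client_data": ("file_read",
        re.compile(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook)\\", re.I)),
    "browser_data": ("file_read",
        re.compile(r"\\(Chrome\\User Data\\.*\\Login Data|Firefox\\Profiles\\.*\\logins\.json)$", re.I)),
    "run_key_persistence": ("registry_set",
        re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    "external_ip_lookup": ("dns_query",
        re.compile(r"^(checkip\.dyndns\.org|api\.ipify\.org|ifconfig\.me|icanhazip\.com)$", re.I)),
}


def classify(telemetry: str) -> dict[str, set[str]]:
    """Map each process image to the set of signature names it triggered."""
    hits = defaultdict(set)
    for line in telemetry.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for name, (event_type, pattern) in RULES.items():
            if event["type"] == event_type and pattern.search(event["target"]):
                hits[event["image"]].add(name)
    return dict(hits)


def suspicious_images(telemetry: str, min_hits: int = 3) -> dict[str, set[str]]:
    """Images showing at least min_hits distinct stealer behaviours.

    The threshold is what separates a stealer that touches FTP, mail and
    browser stores from a legitimate client reading its own config."""
    return {img: sigs for img, sigs in classify(telemetry).items() if len(sigs) >= min_hits}


if __name__ == "__main__":
    for image, sigs in suspicious_images(SAMPLE_TELEMETRY).items():
        print(f"{image}: {', '.join(sorted(sigs))}")
```

The NtSetInformationThreadHideFromDebugger and SetThreadContext signatures are not covered here because they are API-level observations that file and registry telemetry does not expose; they need an EDR hook or a sandbox, which is where the report obtained them.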