General
Target: 66dd2c7ac2b0bc7b604efa99f21a828da26c15a366a2e809e23b82dda44b63dd.zip
Size: 287KB
Sample: 210227-76w1m3ez7n
MD5: 436786e67bf9225ae8952f455e1c8300
SHA1: bac557b3f92084379ea65825a573ada3437c9c8b
SHA256: b8bc91ac006713cdcf5d8afa92e2cd7099e90b583525a928d3e5fc49035bdde2
SHA512: 3d3b4968e72d651923e47933d048698e9c2e74882d750eeef7532659340a85ae95afe5042444714a12cc133dbc69d026a8a1bee9792359e3ab90170081ee47bd
Static task: static1
Behavioral task: behavioral1
Sample: 66dd2c7ac2b0bc7b604efa99f21a828da26c15a366a2e809e23b82dda44b63dd.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 66dd2c7ac2b0bc7b604efa99f21a828da26c15a366a2e809e23b82dda44b63dd.exe
Resource: win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: mail.sapgroup.com.pk
Port: 587
Username: [email protected]
Password: moin@26919
Targets
Target: 66dd2c7ac2b0bc7b604efa99f21a828da26c15a366a2e809e23b82dda44b63dd.exe
Size: 366KB
MD5: 335a69ee25155d53f6df46c020aa90cd
SHA1: cbecea1d93ff376b6a7f5ea72c191d4020372344
SHA256: 66dd2c7ac2b0bc7b604efa99f21a828da26c15a366a2e809e23b82dda44b63dd
SHA512: 5169363ca9bbfbec00e718891976b84ff488065dcc59466517b97e241afba882e5ab0afbfa4c20ba6186feafe2f8af6175aa10c194fb5124b59155db11751d3a
Score: 10/10
- 404 Keylogger Main Executable
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext