General
- Target: _New PO.xls_.zip
- Size: 599KB
- Sample: 210423-qmtgtmj9wa
- MD5: 1d52eb40d9250600ad3effc351f7c9ad
- SHA1: 964677b23aef6187890b6fc1c9b6956e4e09adf6
- SHA256: a8fa9629e664dc5169ba376825d202790690218a3e00ef7393d2e19e1a983a20
- SHA512: b00f7310cb000d14090a079a3fdd8816d5037e172ce31c9f140ed37efc92a715bcb08faecd19cfe576cf8acdb94ead93261d15a505cc1fe68289f85415375ea4
Static task: static1
Behavioral task: behavioral1
- Sample: New PO.xls_.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: New PO.xls_.exe
- Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.lallyautomobiles.net
- Port: 587
- Username: servicekrl@lallyautomobiles.net
- Password: Welcome@2021
Targets
- Target: New PO.xls_.exe
- Size: 823KB
- MD5: 25ca1917e0bceca252031cd318ca2255
- SHA1: b241b8ce758acfd6ff0a3df464caf7f3105d0777
- SHA256: 5ee0ab3fbf21156b9e04fcc7e3a7a80934d11a34855c826985661fb276de88fb
- SHA512: 3e9a48a3e927969a2f7f740afee8f37bb188831477d13dd3442b307eff8e90ccf1c3a154c2e1215bd605650c27c358558fad0a2bf6d291a7f17609bd83056309
- Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext