General
Target: Oginal BL-Invoice & Packing List.exe
Size: 815KB
Sample: 210616-5d3ltkmxms
MD5: 7c8cfedd6bac1cf360551e163a7fea79
SHA1: 6474ba5971d9ff884b7856c6af5cca526ff58143
SHA256: 4c5235c129cc01a69a1dfb4f50dd0cf670f9546679009e131547ebdcf35cde41
SHA512: 835f90702c3bc824ecdbb420ef6aee690ee6de751af6219fb6cf6020a67aeb54ff0727112970f285bd54eedf1b6c69da3c3d098980aa6c190253bd66da15230b
Static task: static1
Behavioral task: behavioral1
  Sample: Oginal BL-Invoice & Packing List.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Oginal BL-Invoice & Packing List.exe
  Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot1649522634:AAHMzNdMfGYzqUhrEozD2OA_g2yGuKCp2WA/sendMessage?chat_id=1681120947
Targets
Target: Oginal BL-Invoice & Packing List.exe
Score: 10/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext