General
Target: PL & BL Document.exe
Size: 172KB
Sample: 210617-svl6prmcla
MD5: 8559c430e3b9b62c7cec4dc888ed93b4
SHA1: 30df19acd08635eec772e170389bb538ba3425ba
SHA256: b2f60d46128b21f56e9ad190fd599edb308b40dff4edf77cb17457dc161a746c
SHA512: 7cf3f8e19331ce9b64d5c0330044770ee8f090c863f36a7a776b23c05016a6625c345269baa09332a5b7c8c34a2e0ac5de40b87b29cb315767ee12b8e09a4080
Static task: static1
Behavioral task: behavioral1
  Sample: PL & BL Document.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: PL & BL Document.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.funlineinc.com
Port: 587
Username: mail@funlineinc.com
Password: fZH31mjeDXJ]
Targets
Target: PL & BL Document.exe
Score: 10/10
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext