General
-
Target
consignment details.exe
-
Size
174KB
-
Sample
210618-assb4gbsh6
-
MD5
d8a960f613e009eef9f81887a39e7cd0
-
SHA1
52e658fc0d3d436594c06d1b9a75d2c065622d9f
-
SHA256
7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28
-
SHA512
441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea
Static task
static1
Behavioral task
behavioral1
Sample
consignment details.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
consignment details.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
msonsgroup.in - Port:
587 - Username:
speak@msonsgroup.in - Password:
speak2424@
Targets
-
-
Target
consignment details.exe
-
Size
174KB
-
MD5
d8a960f613e009eef9f81887a39e7cd0
-
SHA1
52e658fc0d3d436594c06d1b9a75d2c065622d9f
-
SHA256
7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28
-
SHA512
441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea
Score10/10-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-