General
-
Target
EFI_01037508200.doc
-
Size
387KB
-
Sample
210618-eb1n8zk6zx
-
MD5
21ebc4527aecb50fc3adc65b610d3653
-
SHA1
3cf5df8b2e1e670ea2c85eec6f048d0c889bd715
-
SHA256
ea26039022e9c98e3d40700610f8c28f7d2b1d5f11394e0e22f2a40bf876ea31
-
SHA512
07fca5507656fd96ca707c6c88f5b139d3f638e313c465b677f448be769606794ca48fe6018ddc80ee4477035f6713e2c5053077f5465e39247a4f8b33e568fc
Static task
static1
Behavioral task
behavioral1
Sample
EFI_01037508200.doc
Resource
win7v20210410
Malware Config
Extracted
http://212.192.241.94/bluehost/75tgsoleApp19.exe
Extracted
snakekeylogger
Protocol
smtp
Host
smtp.yandex.ru
Port
587
Username
lagardan@yandex.com
Password
pP!@*&@)555
Targets
-
Target
EFI_01037508200.doc
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-