General
-
Target
consignment details.rar
-
Size
160KB
-
Sample
210618-sevd877872
-
MD5
8cb33040c9f75754659ac2b3055b84ca
-
SHA1
0c929ddb43bca71a0862f5f3fbaf724c6139855e
-
SHA256
8dd5df1ce192b6101814de114129b653f7179714ff4ccd3654769f45ba237bc6
-
SHA512
91c8504b21849761841133555471a6c2ce69dcd15e049b9339249f2108525b841e971d00395356e17b104e35e894edaed9672329ccd6a5991c836ab7db287f52
Static task
static1
Behavioral task
behavioral1
Sample
consignment details.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
consignment details.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: msonsgroup.in
Port: 587
Username: speak@msonsgroup.in
Password: speak2424@
Targets
-
Target
consignment details.exe
-
Size
174KB
-
MD5
d8a960f613e009eef9f81887a39e7cd0
-
SHA1
52e658fc0d3d436594c06d1b9a75d2c065622d9f
-
SHA256
7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28
-
SHA512
441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea
Score
10/10
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-