General
Target: ScanOrder.pdf.exe
Size: 344KB
Sample: 210620-bpvxrnfq2n
MD5: 64bdce55d3318e4294055d873f1741c6
SHA1: e36ba27206a698291d1d70278820afe50932070f
SHA256: 7d589e38568ed522cd280ee2628cbafa359d65d45cc517277983ccb1c1b32f12
SHA512: ada56fa5b55084651ff6817c8be9d575acc925631804e26510547499dd97f934f91a9e58f18b0a06848b560b59e732024fc084743977b4871daf20126e8b559b
Static task: static1
Behavioral task: behavioral1
  Sample: ScanOrder.pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: ScanOrder.pdf.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.bartolinicompany.info
Port: 587
Username: snake@bartolinicompany.info
Password: QAZqaz123@
Targets
Target: ScanOrder.pdf.exe
Size: 344KB
MD5: 64bdce55d3318e4294055d873f1741c6
SHA1: e36ba27206a698291d1d70278820afe50932070f
SHA256: 7d589e38568ed522cd280ee2628cbafa359d65d45cc517277983ccb1c1b32f12
SHA512: ada56fa5b55084651ff6817c8be9d575acc925631804e26510547499dd97f934f91a9e58f18b0a06848b560b59e732024fc084743977b4871daf20126e8b559b
Score: 10/10
Signatures:
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext