General
Target: RFQ-YEKHA-20-0151.PDF.gz
Size: 521KB
Sample: 210621-zanb5f9kzn
MD5: b221af31a52fd1186f263317f04b96e4
SHA1: 85015497923e8d33aef9f60730d9bd737aff1646
SHA256: 143b430b2cf5363e24a62b531370f5b765ee78138f9e7fd98266724da353d29f
SHA512: 9777b8de807ba71bc2635754fdd184f0ddd0e1675708c96aa05438f5d2032a4b16fe757954f83306e10c602210994f1624c97a8bf684d3102fe68fd247a437e1
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-YEKHA-20-0151.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: RFQ-YEKHA-20-0151.exe
Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: newoffice@myexodus1.com
Password: gefqPU#Az8
Targets
Target: RFQ-YEKHA-20-0151.exe
Size: 702KB
MD5: 20ceb0cdf1f078b28671054c2863052c
SHA1: fc335d40a3fe8aceb4fbfd89c279b9b56a142556
SHA256: 4223fc55e6b0fc32d0f55607395055db9023a5d6980dccad59f11aadf0179b86
SHA512: 1639777ffadd90248a0735429fb3068a0dc5ad106520416104afaebfb2744950c96ee8918267041c6055a882b022ea15472f545e7333329124d2699e5847ec1a
Score: 10/10
Signatures: Suspicious use of SetThreadContext