General
Target: 2021 Repeat Order.PDF File.exe
Size: 1.0MB
Sample: 210623-9xcbpcydaj
MD5: 2cae2254b4ab9773f185fb638a9c31a4
SHA1: 912bba120433bdff00cf34007ca11b23e511d561
SHA256: 0a37b966b67a5ae6f09f284f453bf83944916dec7f8676be4a712cc92a3fc186
SHA512: 32377ef9c2f5699a8bd40e08c4001d1bb3edf0faaf7ad71f9d0fe67cfc01289f729b79f0b5120a676debc12850480efe368ab3d4ca5a9c24b83a430f4f8030c8
Static task: static1
Behavioral task: behavioral1
Sample: 2021 Repeat Order.PDF File.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 2021 Repeat Order.PDF File.exe
Resource: win10v20210408
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: saintmoni@yandex.ru
Password: babaanu12345
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: saintmoni@yandex.ru
Password: babaanu12345
Targets
Target: 2021 Repeat Order.PDF File.exe
Size: 1.0MB
Score: 10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext