General
Target: ATTACHMENTS.xlsx
Size: 713KB
Sample: 210722-4tvn6a6pc2
MD5: c24c99e3c4a213b7356d63e5646d4457
SHA1: 7edbbb43143714139acdc66057b4fa884c8fdb07
SHA256: dc0a3e25871596a368e26566d77da6de8c0a4edb43750fe617bb5036758f0ae7
SHA512: e220612c7d9701c9397d8d69c86ed492e11f3d2b7b43169a59245bd38a92d25c779d71f872d0e7abe2906e6df69cc8629c2a8447d3534a89afe6a65b0d1a1624
Static task: static1
Behavioral task: behavioral1
  Sample: ATTACHMENTS.xlsx
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: ATTACHMENTS.xlsx
  Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: )||LHNUQ5wgcszg
Targets
Target: ATTACHMENTS.xlsx
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext