General
Target: Order _ 08201450.doc
Size: 49KB
Sample: 210722-9v7vhkl2nn
MD5: e79a3eff7afad1baf05d316eabe8bf90
SHA1: 420291ec39d86c8442aac0d447a107cdcac9a4ef
SHA256: 5287078230313c9bc74e5f6230b3c017c085eb389ed674547eabfb32d90ee018
SHA512: a0feb30bfd42801115165fc8cbf731807f2747cdaa4ccab80b7e6b7f68c24d02684506a0c7d2d7f5d1ee172af612bea8ae1e2e92ad39ec5b72cd5575c121031a
Static task: static1
Behavioral task: behavioral1
Sample: Order _ 08201450.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Order _ 08201450.doc
Resource: win10v20210410
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Targets
Target: Order _ 08201450.doc
Size: 49KB
Score: 10/10
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
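The extracted config above gives the exfiltration endpoint (SMTP to bh-16.webhostbox.net on port 587), and the signature list notes the external IP lookup that SnakeKeylogger performs before sending. The following is an added example, not part of the sandbox report, showing how a responder would turn both into hunt logic over Zeek-style JSON logs: the host and port are the values on this page; the IP-lookup hostnames, the `hunt`/`triage`/`suricata_dns_rule` functions and the log records are assumptions constructed for the example (the report does not name which lookup service the sample used).

```python
"""Turn the SnakeKeylogger config extracted above into hunt logic over Zeek-style logs.

Added example, not part of the sandbox report. The exfil host/port are the values
on this page; the IP-lookup hostnames and the log records are assumptions.
"""
import json
from collections import defaultdict

# Exfiltration endpoint from the extracted config (values as shown on the page).
EXFIL_HOST = "bh-16.webhostbox.net"
EXFIL_PORT = 587  # SMTP submission

# Assumed list of IP-lookup services: the report says only "a legitimate IP lookup
# service" and does not name which one the sample contacted.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}

# Constructed Zeek-style JSON records (dns/http/conn), not captured from the sandbox run.
# 10.0.0.15 shows the full chain; 10.0.0.40 is benign mail submission to a corporate
# relay on 587; 10.0.0.77 performs only an IP lookup.
SAMPLE_LOGS = """
{"log":"dns","ts":1.0,"id.orig_h":"10.0.0.15","query":"checkip.dyndns.org","answers":["203.0.113.9"]}
{"log":"http","ts":1.1,"id.orig_h":"10.0.0.15","host":"checkip.dyndns.org","uri":"/"}
{"log":"dns","ts":2.0,"id.orig_h":"10.0.0.15","query":"bh-16.webhostbox.net","answers":["198.51.100.23"]}
{"log":"conn","ts":2.2,"id.orig_h":"10.0.0.15","id.resp_h":"198.51.100.23","id.resp_p":587,"service":"smtp"}
{"log":"conn","ts":3.0,"id.orig_h":"10.0.0.40","id.resp_h":"192.0.2.10","id.resp_p":587,"service":"smtp"}
{"log":"http","ts":4.0,"id.orig_h":"10.0.0.77","host":"api.ipify.org","uri":"/"}
""".strip().splitlines()


def hunt(lines, exfil_host=EXFIL_HOST, exfil_port=EXFIL_PORT):
    """Return {source host: [indicator names]} for the records in `lines`.

    Connections on the exfil port are only flagged when the destination IP was
    returned in a DNS answer for the exfil host, so ordinary mail submission on
    587 to other servers does not match.
    """
    resolved_c2 = set()            # IPs the exfil host resolved to
    findings = defaultdict(list)   # source host -> indicators, in log order
    for line in lines:
        rec = json.loads(line)
        src = rec["id.orig_h"]
        if rec["log"] == "dns" and rec["query"].lower() == exfil_host:
            resolved_c2.update(rec.get("answers", []))
            findings[src].append("dns_c2_resolution")
        elif rec["log"] == "http" and rec["host"].lower() in IP_LOOKUP_HOSTS:
            findings[src].append("external_ip_lookup")
        elif (rec["log"] == "conn" and rec["id.resp_p"] == exfil_port
              and rec["id.resp_h"] in resolved_c2):
            findings[src].append("smtp_exfil_to_c2")
    return dict(findings)


def triage(lines):
    """Collapse per-host indicators into a verdict; an IP lookup alone is noisy, so it stays low."""
    verdicts = {}
    for src, indicators in hunt(lines).items():
        seen = set(indicators)
        if "smtp_exfil_to_c2" in seen:
            verdicts[src] = "high"
        elif "dns_c2_resolution" in seen:
            verdicts[src] = "medium"
        else:
            verdicts[src] = "low"
    return verdicts


def suricata_dns_rule(sid=1000001):
    """Suricata 5+ DNS rule (assumed syntax target) alerting on resolution of the exfil host."""
    return (f'alert dns $HOME_NET any -> any any (msg:"SnakeKeylogger SMTP exfil host lookup"; '
            f'dns.query; content:"{EXFIL_HOST}"; nocase; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_LOGS).items():
        print(host, verdict)
    print(suricata_dns_rule())
```

The correlation on the DNS answer is deliberate: port 587 alone is legitimate mail submission, so the hunt keys on the extracted host name and the addresses it resolved to. Treat the username and host as indicators of the attacker's collection mailbox; do not authenticate against the account with the extracted password.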