General

Target: REMITTANCE.lzh
Size: 650KB
Sample: 210722-wft5c99x5s
MD5: 33e1b9a39db18d6b8ac7e333fd9aaa1c
SHA1: 4a5c8cc510419a11020d4988e7e9c91574635130
SHA256: 88ab7a5d825daabd007c1a885f6021879a961dda43e71fdd077af28ee0dbcb34
SHA512: 77594fd85786e1d9f4b183eddb08ece7bc457cb22bd89c3c3daa2555ea181236227020da547a651d6c0aaab57f1cb8ccfb42a350e843297334b28ada3b90130b
Static task: static1

Behavioral task: behavioral1
Sample: REMITTANCE.bat.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: REMITTANCE.bat.exe
Resource: win10v20210408
Malware Config

Extracted
Family: snakekeylogger
Protocol: smtp
Host: webmail.aquariushotelboutique.com
Port: 25
Username: [email protected]
Password: 6)fvPIxcEVwT
Targets

Target: REMITTANCE.bat
Size: 1.1MB
MD5: 3e1a052b0f8fc285dbba8f7003736860
SHA1: c4d616291cc60ba0251fd29a3eb2b83b3c59c8a3
SHA256: 41964288f3a3ab0f07ae38f98392b00148c3a5d3a24d038cb1a5fb5331c15b1d
SHA512: c10b37fa8bcc350dbb00d509b9ee087de6f97e5f7f43d1d38f72e560175900dd949bada5f813d95c339b9987fa4f49513a9e616e42bf58d5b7396ae7a66af306
Score: 10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. On its own this is a weak, generic indicator shared with many installers and updaters; it gains weight here from the extracted SMTP exfiltration config above.

Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state, including its instruction pointer. Combined with a child process created suspended and remote memory writes, it is the standard process-hollowing/injection step. The report does not show the surrounding call sequence, so treat this as a generic injection indicator rather than proof of a particular technique.
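As an added example, not part of the sandbox report, the following Python script turns the indicators above (the archive and payload hashes, the SMTP exfil host and port, and the REMITTANCE.bat.exe double-extension filename) into a sweep over endpoint telemetry. The key=value log format, the field names, the MAIL_CLIENTS allow-list and the sample log lines are constructed for the example and are not from the sandbox run.

```python
"""IOC sweep over constructed endpoint log lines.

Added example for this report; it is not part of the sandbox output. The
indicators (file hashes, SMTP exfil host and port, the REMITTANCE.bat.exe
filename) come from the report above. The key=value log format, the field
names and the MAIL_CLIENTS allow-list are assumptions made for the example.
"""
import re
from dataclasses import dataclass

# File hashes listed in the report (archive and the PE it carries), lowercase.
IOC_HASHES = {
    "33e1b9a39db18d6b8ac7e333fd9aaa1c",                                   # MD5    REMITTANCE.lzh
    "4a5c8cc510419a11020d4988e7e9c91574635130",                           # SHA1   REMITTANCE.lzh
    "88ab7a5d825daabd007c1a885f6021879a961dda43e71fdd077af28ee0dbcb34",   # SHA256 REMITTANCE.lzh
    "3e1a052b0f8fc285dbba8f7003736860",                                   # MD5    REMITTANCE.bat
    "c4d616291cc60ba0251fd29a3eb2b83b3c59c8a3",                           # SHA1   REMITTANCE.bat
    "41964288f3a3ab0f07ae38f98392b00148c3a5d3a24d038cb1a5fb5331c15b1d",   # SHA256 REMITTANCE.bat
}
# SnakeKeylogger exfil endpoint from the extracted config.
C2_HOST = "webmail.aquariushotelboutique.com"
C2_PORT = 25
# Assumption: the only processes expected to speak SMTP from a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Lure extensions that should never be followed by .exe (heuristic based on REMITTANCE.bat.exe).
DOUBLE_EXT = re.compile(r"\.(bat|cmd|pdf|doc|docx|xls|xlsx|jpg|png|txt)\.exe$")


@dataclass(frozen=True)
class Hit:
    line_no: int
    reason: str


def parse(line: str) -> dict:
    """Parse a constructed 'key=value key=value' log line (values contain no spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def scan_logs(lines):
    """Return one Hit per indicator that fires on a line, in line order."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = parse(line)
        # Basename of the process image, lowercased, for extension and allow-list checks.
        exe = f.get("image", "").rsplit("\\", 1)[-1].lower()
        for algo in ("md5", "sha1", "sha256"):
            if f.get(algo, "").lower() in IOC_HASHES:
                hits.append(Hit(n, f"known sample hash ({algo})"))
        if DOUBLE_EXT.search(exe):
            hits.append(Hit(n, "double-extension executable"))
        if f.get("event") == "net":
            if f.get("dst_host", "").lower() == C2_HOST:
                hits.append(Hit(n, "connection to SnakeKeylogger SMTP exfil host"))
            elif f.get("dst_port") == str(C2_PORT) and exe not in MAIL_CLIENTS:
                # Port 25 from anything but a mail client is worth a look even without a known host.
                hits.append(Hit(n, "SMTP on port 25 from a non-mail process"))
    return hits


# Constructed sample log lines (not from the sandbox run); paths avoid spaces so the parser stays simple.
LOGS = [
    r"event=file image=C:\Users\bob\Downloads\REMITTANCE.lzh md5=33e1b9a39db18d6b8ac7e333fd9aaa1c",
    r"event=file image=C:\Users\bob\AppData\Local\Temp\REMITTANCE.bat.exe sha256=41964288f3a3ab0f07ae38f98392b00148c3a5d3a24d038cb1a5fb5331c15b1d",
    r"event=net image=C:\Users\bob\AppData\Local\Temp\REMITTANCE.bat.exe dst_host=webmail.aquariushotelboutique.com dst_port=25",
    r"event=net image=C:\Outlook\outlook.exe dst_host=smtp.example.org dst_port=587",
    r"event=net image=C:\Windows\System32\svchost.exe dst_host=update.example.org dst_port=80",
    r"event=net image=C:\Users\bob\AppData\Local\Temp\upd.exe dst_host=203.0.113.10 dst_port=25",
    r"event=net image=C:\Outlook\outlook.exe dst_host=smtp.example.org dst_port=25",
]

if __name__ == "__main__":
    for hit in scan_logs(LOGS):
        print(f"line {hit.line_no}: {hit.reason}")
```

The hash match is the precise indicator; the port-25 and double-extension checks are heuristics that catch a re-packed sample with fresh hashes, at the cost of needing the allow-list tuned to the environment. The SMTP credentials in the extracted config are deliberately not used as a detection key: they only appear inside encrypted or host-local traffic, whereas the destination host and port are visible to any network sensor.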