General
Target: Specifications_Details_202300_RFQ.doc
Size: 238KB
Sample: 210723-bzhpw4c75x
MD5: 9efbd937ce6f8fef4ad85ee94d9cfd47
SHA1: d8eb24e90091238e2f6bd204ea67d54c5c4efdb6
SHA256: 574ec668750302f0bb7634d757ce2436753a95d6f9610bc227e13abdecbfc6d5
SHA512: 86e2b112d30a010096fca79fea0bdbd1c927a7548ea172f8e9d763bcca54216b836ae9edd960d9c844ebd862c48360d4c11ef86d6a3822ebd9e469c8ac3d694e
Static task: static1
Behavioral task: behavioral1
  Sample: Specifications_Details_202300_RFQ.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Specifications_Details_202300_RFQ.doc
  Resource: win10v20210410
Malware Config
Extracted: http://easyviettravel.vn/vendor/seld/0A3/Specifications_Details_202300_RFQ.exe
Extracted: snakekeylogger
  Protocol: smtp
  Host: netjul.xyz
  Port: 587
  Username: silyatwo@netjul.xyz
  Password: Q;QcczP{&6=~
Targets
Target: Specifications_Details_202300_RFQ.doc
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext