General
Target: DHL Notification-pdf.exe
Size: 1.2MB
Sample: 210726-6f2zx97gwn
MD5: 5228ecf840cf5bb8a37af32fdab81fe8
SHA1: 200dc5f0010ce6cc1e27be47f7772b84454794c6
SHA256: 9906d7c05680fc4b3e9c741e5c95d6c8acbd88f7ded4b451270cdfa7c8847c30
SHA512: f709e9e3f5dc74e04c3ad30df96926781a095c29c469b04151d0b17a14fca7ca5167fd7c084ba05e2fdb2082bf45597f06c1449bae2facec1472cbb1a4bbb00b
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Notification-pdf.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: DHL Notification-pdf.exe
- Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 25
- Username: admin@evapimlogs.com
- Password: BkKMmzZ1
Targets
Target: DHL Notification-pdf.exe (1.2MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- CustAttr .NET packer: detects CustAttr .NET packer in memory.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext