General
- Target: PAYMENT VOUCHER096685_pdf.exe
- Size: 1.2MB
- Sample: 210726-7wsqrvqqwe
- MD5: aa2ca32a841ee37f74ccb2f1ec169261
- SHA1: c5b808ff040ba398886092841b02ecbfda8bc584
- SHA256: 941a701614e8220c3599ad892dc9ce472fef5f7747df9e718ad8e1403851754c
- SHA512: d021306b518b1b2cb18085e2a214bca98e351933e0ec2e1da151d6c609eda5f4feb078377a1354413a3af960c7824273def61181b6818180538e22ef5f486397
Static task: static1
Behavioral task: behavioral1
- Sample: PAYMENT VOUCHER096685_pdf.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: PAYMENT VOUCHER096685_pdf.exe
- Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.rainspor.com
- Port: 465
- Username: assad@rainspor.com
- Password: assad123assad
- https://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA/sendMessage?chat_id=1810577695
Targets
- Target: PAYMENT VOUCHER096685_pdf.exe
- Size: 1.2MB
- MD5: aa2ca32a841ee37f74ccb2f1ec169261
- SHA1: c5b808ff040ba398886092841b02ecbfda8bc584
- SHA256: 941a701614e8220c3599ad892dc9ce472fef5f7747df9e718ad8e1403851754c
- SHA512: d021306b518b1b2cb18085e2a214bca98e351933e0ec2e1da151d6c609eda5f4feb078377a1354413a3af960c7824273def61181b6818180538e22ef5f486397
Score: 10/10
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext