General
-
Target
19effc0a5fe546104049656b5210fa59e3a0b3fd9d2c62207c582ea23fd9e83f
-
Size
299KB
-
Sample
210726-hhzs1k2h36
-
MD5
f80c6bc8e8db49ccf06094e2c6566618
-
SHA1
071639ccd71b828610a9ae7c0b8d9b1d8fb4f10c
-
SHA256
19effc0a5fe546104049656b5210fa59e3a0b3fd9d2c62207c582ea23fd9e83f
-
SHA512
6eafe9058aa7ed09558237a0a2d40cd4c76a0cc7d7094661705897556a3a94fec83ca155868c0d80f3d633f3ef316f7be025added6860fc9f84191e4279b4418
Static task
static1
Behavioral task
behavioral1
Sample
New order 11244332.pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
New order 11244332.pdf.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.vivaldi.net - Port:
25 - Username:
clintongodgracelog@vivaldi.net - Password:
858540506070
Targets
-
-
Target
New order 11244332.pdf.exe
-
Size
396KB
-
MD5
90fc1c7c37257d828778bca2c7addbfa
-
SHA1
eed7abd19a3ae14e2bf914c22dea3390970818ff
-
SHA256
5dfc39e30905e2a653f0c346f6a6e0a76c0837d47fccc71317d7d01a3eb2b00b
-
SHA512
01620beb245fec3c104ceaf3c34d9977ff35a12de6c38ccc0c70e72f689767adc37c04181fec8e6d085f9dba43f2a4516fe229201f65b8661fe484963b85b51d
Score10/10-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-