General
Target: Huda Medical Corporate Profile.doc
Size: 62KB
Sample: 210727-5f1nxz3rna
MD5: a79887f6a16088002da8171f306e1c35
SHA1: 61f8ebea354416303d5904f625255c8381852a2e
SHA256: e6208325c155b89a626654ffbf06de21ef809ba583c9742952f006326fce8493
SHA512: 8fd416b2d297715dc07bee2e1c517c7f19445da4fd3a2ed5ef3500d79d5e39b74d7d5b82009c61c1e144fef797d9e94dce30c9460958a08ef3afd8e9e4493c15
Static task: static1
Behavioral task: behavioral1
  Sample: Huda Medical Corporate Profile.doc
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Huda Medical Corporate Profile.doc
  Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.bundabergtrophies.com.au
Port: 587
Username: admin@bundabergtrophies.com.au
Password: nKlnBbMZLI
Targets
Target: Huda Medical Corporate Profile.doc
Size: 62KB
MD5: a79887f6a16088002da8171f306e1c35
SHA1: 61f8ebea354416303d5904f625255c8381852a2e
SHA256: e6208325c155b89a626654ffbf06de21ef809ba583c9742952f006326fce8493
SHA512: 8fd416b2d297715dc07bee2e1c517c7f19445da4fd3a2ed5ef3500d79d5e39b74d7d5b82009c61c1e144fef797d9e94dce30c9460958a08ef3afd8e9e4493c15
Score: 10/10
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext