General
Target: IMG PO 012807_32X.doc
Size: 76KB
Sample: 210727-9dl14nhdxn
MD5: 9af6d69cd3b279c84b891f8ef7824731
SHA1: f872dcb0021881e884fcbbbef07cea19a0725467
SHA256: daca2995c370089febb1385775ee446b2a451b363a481437bf7ab9817b3dc711
SHA512: 4a051c27a5f8a772aaa8eab25bd7740bd7368f902acb2b976a4a4d60ad0a0cea0453d5e9084998e0db930667c854d7abc579227cfe3631a861bbfde95080ceb8
Static task: static1
Behavioral task: behavioral1
  Sample: IMG PO 012807_32X.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: IMG PO 012807_32X.doc
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: whesilolog@miratechs.gq
Password: 7213575aceACE@#$
Targets
Target: IMG PO 012807_32X.doc
Score: 10/10
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext