General
- Target: product picture.xlsx
- Size: 629KB
- Sample: 210727-ck2wjz9v6x
- MD5: a793904f9e649cdec7b2d27b7f6faf0d
- SHA1: 9a364e1755fbb8ed41ba9c34364e85255ff2d636
- SHA256: 1cfe05628f52cf99f5320c612e340abe35d30f56527d3949677b87716914d68d
- SHA512: 53d38acd0fa81b6a979b5777378453d1a8612591095de78f0763e080a20e283bf9c80aae3fc8956739f5dcede7b0f11d7c587118f6fab6f091fa82d27a431163
Static task
- static1
Behavioral task
- behavioral1: Sample product picture.xlsx, Resource win7v20210410
Behavioral task
- behavioral2: Sample product picture.xlsx, Resource win10v20210408
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: miratechs.gq
- Port: 587
- Username: arinzelog@miratechs.gq
- Password: 7213575aceACE@#$
Targets
- Target: product picture.xlsx
- Size: 629KB
Score: 10/10
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext