General
Target: invoice.02 Nazih El Chouli.exe
Size: 31 KB
Sample: 210727-m5avnw8ees
MD5: 5898734f512fe21e26447c8b28fe802f
SHA1: eefb6ef334e0ae3fe1316256831a087d412f6008
SHA256: fb04731280999bb99a45d6473b6fd1d8a9cad45654ee21d7a5ca89b8a6a7e41e
SHA512: 5f1dbfdc7fd4f091b4a531a1101256ff697cf68d46a231cb08919236de97230d7d26ebe5a34142fcc738a737421b12b5589da180581c32e3cedddc8511a75841
Static task: static1
Behavioral task: behavioral1 (sample: invoice.02 Nazih El Chouli.exe, resource: win7v20210408)
Behavioral task: behavioral2 (sample: invoice.02 Nazih El Chouli.exe, resource: win10v20210410)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: Smtp.vivaldi.net
Port: 587
Username: samueln@vivaldi.net
Password: DU5DwYRUQdyQQCt
Targets
Target: invoice.02 Nazih El Chouli.exe
Size: 31 KB
MD5: 5898734f512fe21e26447c8b28fe802f
SHA1: eefb6ef334e0ae3fe1316256831a087d412f6008
SHA256: fb04731280999bb99a45d6473b6fd1d8a9cad45654ee21d7a5ca89b8a6a7e41e
SHA512: 5f1dbfdc7fd4f091b4a531a1101256ff697cf68d46a231cb08919236de97230d7d26ebe5a34142fcc738a737421b12b5589da180581c32e3cedddc8511a75841
Score: 10/10
- suricata: ET MALWARE DTLoader Binary Request M2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is how process hollowing and similar injection techniques redirect a suspended thread's entry point to attacker-controlled code.
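Added example, not part of the sandbox report: it turns the extracted SMTP exfiltration config above into indicators, lets an analyst confirm that a local file is the sample described by the report's hashes, and runs the indicators over log lines to surface the two behaviours the signatures flag (traffic to the configured mail host and the external-IP lookup). The log format, the workstation names, the log lines themselves and the IP_LOOKUP_HOSTS set are all constructed for the example; the report only says "a legitimate IP lookup service" and names no host.

```python
"""Added example (not part of the sandbox report): parse the extracted Snake
Keylogger SMTP exfiltration config into IOCs, verify a file against the
report's hashes, and run the IOCs over constructed log lines."""
import hashlib
import re
from dataclasses import dataclass

# The extracted config as the report lists it.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: Smtp.vivaldi.net
Port: 587
Username: samueln@vivaldi.net
Password: DU5DwYRUQdyQQCt
"""

# Hashes from the report's General block.
REPORT_HASHES = {
    "md5": "5898734f512fe21e26447c8b28fe802f",
    "sha1": "eefb6ef334e0ae3fe1316256831a087d412f6008",
    "sha256": "fb04731280999bb99a45d6473b6fd1d8a9cad45654ee21d7a5ca89b8a6a7e41e",
}

# Assumption: the report says only "a legitimate IP lookup service"; these
# are common such services, not hosts the report names.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse 'Key: value' lines into an ExfilConfig; host is lower-cased for matching."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, for comparing a local file to the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches (case-insensitive)."""
    actual = digests(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


# Constructed log lines (not from the report): time, host, process, destination, port.
SAMPLE_LOGS = """\
2021-07-27T10:01:03Z WS-042 proc=outlook.exe dst=smtp.office365.com dport=587
2021-07-27T10:02:11Z WS-042 proc=invoice.02 Nazih El Chouli.exe dst=checkip.dyndns.org dport=80
2021-07-27T10:02:14Z WS-042 proc=invoice.02 Nazih El Chouli.exe dst=Smtp.vivaldi.net dport=587
2021-07-27T10:03:00Z WS-017 proc=chrome.exe dst=www.example.com dport=443
"""

# Hypothetical log format used only for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) proc=(?P<proc>.+?) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def detect(log_text: str, cfg: ExfilConfig) -> list:
    """Flag connections to the configured exfil host:port and to IP lookup services."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, dport = m["dst"].lower(), int(m["dport"])
        if dst == cfg.host and dport == cfg.port:
            alerts.append((m["host"], m["proc"], "smtp_exfil_to_configured_host"))
        elif dst in IP_LOOKUP_HOSTS:
            alerts.append((m["host"], m["proc"], "external_ip_lookup"))
    return alerts


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print("IOCs:", cfg.host, cfg.port, cfg.username)
    for host, proc, reason in detect(SAMPLE_LOGS, cfg):
        print(f"{host}: {proc!r} -> {reason}")
```

The legitimate Outlook session to smtp.office365.com on the same port is deliberately left unflagged: matching on the exact host extracted from the config, rather than on port 587 alone, is what keeps this rule from firing on ordinary mail clients.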