General
Target: telex SO#1KSZ019769-pdf.exe
Size: 833KB
Sample: 210727-pwt1l9ev2e
MD5: e745b5bb83dcd7045e2f1e6396d7e074
SHA1: dc415847e2a782d2f714da53bb5a8e2b18a67f1b
SHA256: 9cb2740a3219b5aaa8d26ca22bf7a2088d66f1e1c37420dfe8121e0c5f0df2b7
SHA512: 40708fde86f4332c705ce90553ad518f8bcc3fe56206ebd4af7020c8a5e6813f69bd294872d35921b234829105f5947de9a905bb15a531ba4b38d4c3ea1fce9f
Static task: static1
Behavioral task: behavioral1
  Sample: telex SO#1KSZ019769-pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: telex SO#1KSZ019769-pdf.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 25
Username: admin@evapimlogs.com
Password: BkKMmzZ1
Targets
Target: telex SO#1KSZ019769-pdf.exe
Size: 833KB
Score: 10/10
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext