General
-
Target
STATIONERY MATERIALS-ORDER SUPPLEMENT.r00
-
Size
434KB
-
Sample
210727-svml73wedx
-
MD5
bf5debdb19350b5beb73576e30398a55
-
SHA1
1f80881a755bd14742d3572c488c87f5b421f451
-
SHA256
beba1b53cc5aed5341b78c6011cf16136218faa25d0a5ae6b9e2e3ce952f0d78
-
SHA512
c85fb8ca493d303b2f3de214c655462b5443c4e52d6845f0c51eb430ffbf2a076be725b46a83db0f2943556992d5624747a18f1f726f5bb1f25341bfa573a5fe
Static task
static1
Behavioral task
behavioral1
Sample
STATIONERY MATERIALS-ORDER SUPPLEMENT.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
STATIONERY MATERIALS-ORDER SUPPLEMENT.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ademkocplastik.com.tr - Port:
587 - Username:
ihracat@ademkocplastik.com.tr - Password:
Ad1.iqwerty?_
Targets
-
-
Target
STATIONERY MATERIALS-ORDER SUPPLEMENT.exe
-
Size
574KB
-
MD5
334c0820434d474ffc6d7347f8c27697
-
SHA1
f0af5e6bb35f3b10f26386f4ad77db78ed0b4a72
-
SHA256
1aa71ccdef644e05966553af027e6434454c8e76a1e04522a7ad2da789d8f248
-
SHA512
8deaec055e232565d30de462082245d1d4967de1777e4d22d8969a017022da2479af029e37674c4a31d6aee1961e9b00f69808c6cf0d7a0f150a474ee2ff5d64
Score10/10-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-