General
Target: PO#JFUB0002 4QjPQ2oE-pdf.exe
Size: 636KB
Sample: 210727-vhta9d1hcs
MD5: 43bf8478bf2676d95193f62fde2a11c0
SHA1: 9153d608d75978006c760e1ce1cc9599e336d711
SHA256: 45479517c35a7efb32ab28968deeda5e3926f06b81ab4cf2b7ab9a87f3de336c
SHA512: dcae9b03580955ef385859a45cbb886352374371855e9ec1370065da9a172297b6112114c06668ccd74b3136f2c2b191368845721ebc6434779e62d0e86720a3
Static task: static1
Behavioral task: behavioral1
Sample: PO#JFUB0002 4QjPQ2oE-pdf.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: PO#JFUB0002 4QjPQ2oE-pdf.exe
Resource: win10v20210408
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 25
Username: admin@evapimlogs.com
Password: BkKMmzZ1
Targets
Target: PO#JFUB0002 4QjPQ2oE-pdf.exe
Size: 636KB
MD5: 43bf8478bf2676d95193f62fde2a11c0
SHA1: 9153d608d75978006c760e1ce1cc9599e336d711
SHA256: 45479517c35a7efb32ab28968deeda5e3926f06b81ab4cf2b7ab9a87f3de336c
SHA512: dcae9b03580955ef385859a45cbb886352374371855e9ec1370065da9a172297b6112114c06668ccd74b3136f2c2b191368845721ebc6434779e62d0e86720a3
Score: 10/10
Signatures:
- CustAttr .NET packer: detects the CustAttr .NET packer in memory.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext