General
Target: PO#JFUB0002 4QjPQ2oE-pdf.r11
Size: 442KB
Sample: 210727-yftvc2vj32
MD5: 2a092edc584bcc0adba934f6d8806db1
SHA1: 1106ee3131b697938c53096d6786fa4aec8c9cf2
SHA256: e385e3e9cecff341f6cba6e62e5c7540f52469cb7711633e378c7caf76ffe748
SHA512: 38472615f40b396cb4ea2621bb1cb36298d3e6bcd3d6215df952d0e83d5c4470306b66a3ce0f42b8f20a5fd6b44eb48b2b72ad5687204eabf1976594164219c3
Static task
static1

Behavioral task
behavioral1
Sample: PO#JFUB0002 4QjPQ2oE-pdf.exe
Resource: win7v20210410

Behavioral task
behavioral2
Sample: PO#JFUB0002 4QjPQ2oE-pdf.exe
Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 25
Username: admin@evapimlogs.com
Password: BkKMmzZ1
Targets
Target: PO#JFUB0002 4QjPQ2oE-pdf.exe
Size: 636KB
MD5: 43bf8478bf2676d95193f62fde2a11c0
SHA1: 9153d608d75978006c760e1ce1cc9599e336d711
SHA256: 45479517c35a7efb32ab28968deeda5e3926f06b81ab4cf2b7ab9a87f3de336c
SHA512: dcae9b03580955ef385859a45cbb886352374371855e9ec1370065da9a172297b6112114c06668ccd74b3136f2c2b191368845721ebc6434779e62d0e86720a3
Score: 10/10

CustAttr .NET packer
Detects CustAttr .NET packer in memory.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext