General
-
Target
Number of Package.xlsx
-
Size
718KB
-
Sample
210728-5xfvd617sx
-
MD5
a247cc8b5eb2f580aa454b3846c3ad36
-
SHA1
415bb2fdedf27176947e557ac969a09b9e9d035a
-
SHA256
db27960e5407802bd8416782c93898baf8c89e240348db47870ef55091195feb
-
SHA512
31f99e8545b8bc6254a498d590c6b79ded8bc7213f1f407652cfc6d36702b5c6bd5918add236d9d50085ccb8d97f0b6ca721e192aed06d4e0c0e3e606c4de4e8
Static task
static1
Behavioral task
behavioral1
Sample
Number of Package.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Number of Package.xlsx
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: whesilolog@miratechs.gq
Password: 7213575aceACE@#$
Targets
-
-
Target
Number of Package.xlsx
-
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-