General
Target: TRACKING NUMBER.doc
Size: 63KB
Sample: 210728-vqcgj9k1ax
MD5: 85f32390c19a033a1d2569863469a615
SHA1: 81689cd34e0ad021432bd0db43f5313cf0189705
SHA256: 7fb33351d6ef6a9ae6f3c953b3c45743281217ed32c7fe8ef8d9f06161589e7d
SHA512: 34ae29f2bcce0f213e76f92e298ad875180a5683ada3dd45d6ad2078a060e74a6ab3573be1268ef1d10e90c7d8d0614f226c77bc5f60f42aa7f2d8a5d24556e7
Static task: static1
Behavioral task: behavioral1
Sample: TRACKING NUMBER.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: TRACKING NUMBER.doc
Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: whesilolog@miratechs.gq
Password: 7213575aceACE@#$
Targets
Target: TRACKING NUMBER.doc
Score: 10/10
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext