General
-
Target
PROJ-9560 - PACKING SLIP.rar
-
Size
341KB
-
Sample
210915-g6mc2sdadq
-
MD5
1f3982b9a4a065c285e7269305852987
-
SHA1
eae6bbbb9ab7e1b86445b5d588cc88a24e439b40
-
SHA256
20dd52a855d31e0cad236dca4029c33cedde882834dc72b3c6dfdd016a78388a
-
SHA512
937dab90019ab5a5d381567ccbeecf17f7073264794486d4c20b0336fa3e498e87eaf39e37d910d2de20f211dd7aa2925e6a0bbb1dec4bb5a00619f6a614058f
Static task
static1
Behavioral task
behavioral1
Sample
PROJ-9560 - PACKING SLIP.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PROJ-9560 - PACKING SLIP.exe
Resource
win10-en
Malware Config
Extracted
Protocol: smtp
Host: mail.aninditaeng.net
Port: 587
Username: admin@aninditaeng.net
Password: t2weClGi1f~7Elps
Extracted
snakekeylogger
Protocol: smtp
Host: mail.aninditaeng.net
Port: 587
Username: admin@aninditaeng.net
Password: t2weClGi1f~7Elps
Targets
-
Target
PROJ-9560 - PACKING SLIP.exe
-
Size
756KB
-
MD5
0b9bcc15a42f77816d676c3290c9615b
-
SHA1
decaff5d1b1aba6df96d70b1cd8ec4d37f5ee215
-
SHA256
5adc4cb387d4bb0d2a3c1377a61bac5fa66ba260e5a33f1ca7d65fef695b14d7
-
SHA512
882e27a4ed7106dbdb7ffbe265cf9843f106cc33c7f9499f2303e71d045ca9fb33ea8c43a040008b232e720a8b6c768ffb26d8efb37784310bcdefec5befd376
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-