General
- Target: shipment docu.rar
- Size: 8KB
- Sample: 211020-d4yfrahecr
- MD5: 172d9572c05a07a0ce67eec8f4b79674
- SHA1: 47f62217250a9b0407a100aa1ef4e95cd0256d5f
- SHA256: 4f0cef741078b5d5dc41fb427a0ffdbcd62f7839042a35ee79d1b107b93a20d6
- SHA512: 70e966d45211a3b69f23eb144872046410162a5068ae32c576fe6c2efeaefe749d3b9236ecf3d84bcbd3f242cbc87cec15246d76f46165bcedf9f124086ff140
Static task: static1
Behavioral task: behavioral1
- Sample: shipment docu..exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: shipment docu..exe
- Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.faks-allied-health.com
- Port: 587
- Username: [email protected]
- Password: $Faks1234
Targets
- Target: shipment docu..exe
- Size: 22KB
- MD5: 75b7a294df955b78f7adf5882e600273
- SHA1: df8f94ca5d228dcbda81efd0f8a0f37ff5ffa459
- SHA256: d3c93ce13c0f0a8dd07512cb0cf5ca7474983e15e136022cd98c4ab9b6063bd4
- SHA512: 7b4c28d71348e798f3ddc7084767424754556a02a436b91e7516408b75031df32b4ba08fc60d658aeb381538c89bdf867373127ef29f6b03ec1ece56cf2e6da6
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext