General
Target: shipment docu..exe
Size: 22KB
Sample: 211020-masg3shggm
MD5: 75b7a294df955b78f7adf5882e600273
SHA1: df8f94ca5d228dcbda81efd0f8a0f37ff5ffa459
SHA256: d3c93ce13c0f0a8dd07512cb0cf5ca7474983e15e136022cd98c4ab9b6063bd4
SHA512: 7b4c28d71348e798f3ddc7084767424754556a02a436b91e7516408b75031df32b4ba08fc60d658aeb381538c89bdf867373127ef29f6b03ec1ece56cf2e6da6
Static task: static1
Behavioral task: behavioral1
  Sample: shipment docu..exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: shipment docu..exe
  Resource: win10-en-20211014
Malware Config
Extracted
  Protocol: smtp
  Host: mail.faks-allied-health.com
  Port: 587
  Username: [email protected]
  Password: $Faks1234
Extracted
  Family: snakekeylogger
  Protocol: smtp
  Host: mail.faks-allied-health.com
  Port: 587
  Username: [email protected]
  Password: $Faks1234
Targets
Target: shipment docu..exe
Size: 22KB
MD5: 75b7a294df955b78f7adf5882e600273
SHA1: df8f94ca5d228dcbda81efd0f8a0f37ff5ffa459
SHA256: d3c93ce13c0f0a8dd07512cb0cf5ca7474983e15e136022cd98c4ab9b6063bd4
SHA512: 7b4c28d71348e798f3ddc7084767424754556a02a436b91e7516408b75031df32b4ba08fc60d658aeb381538c89bdf867373127ef29f6b03ec1ece56cf2e6da6
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext