General
-
Target
ISO-77002387418602.bin.zip
-
Size
226KB
-
Sample
211020-qvlf2shba9
-
MD5
6751823f451aaebe65a653a3f338148d
-
SHA1
afae1db56240ca7610384d5458d6f83d6c6af2b9
-
SHA256
5ff91ab46e1a82df8a7efffc4175fa68a42fb1452e17b64041c6d570c87d8fd4
-
SHA512
d86d885b7db7f1b78dea523e57eb69fba13ca6a0854fad711aa6730ad942169a120370af9062d711aaf324767ff5322046217fc3641aad5eb441182b6ca33072
Static task
static1
Behavioral task
behavioral1
Sample
ISO-77002387418602.bin.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
ISO-77002387418602.bin.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
budgetn.shop - Port:
587 - Username:
[email protected] - Password:
eC~Z,TG&S9jM
Targets
-
-
Target
ISO-77002387418602.bin
-
Size
558KB
-
MD5
3446b3427eb52e09af7b7424d8bd6dc3
-
SHA1
780f36db6bdafed0966c2951e86142b43105f0f2
-
SHA256
0cc6f444f52c66cd955fa64184e8784b8ec735a0d8b2f1f4c060532fcd54e9f8
-
SHA512
7596395c37d037bff11dcf9e3f59039602b965c9cd36fedf344ef83dff3cce5c80aec345d4eaee4ecc2b5036b6a34473f7f31d3291d651baeddad762e5c7fbfe
Score10/10-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-