General
-
Target
doc2019291888001990.pdf.exe
-
Size
13KB
-
Sample
211021-gm2cvshha4
-
MD5
3d18d2aac131785618c05c974240a2e0
-
SHA1
59ced83454905b1355abb7f8a9db626794e9fa90
-
SHA256
68ef3fd87db02762f5bc7d604354cd0dee06df1c6c8eb0b05e04dec272b72dfe
-
SHA512
14c497b7abc723d55a75a2a56efa298f7452766dcbf298deac7c1a43e0be549e289b8439510624e6a981d662ea5a77df36a7cc8f31747b71cd4003b211727593
Static task
static1
Behavioral task
behavioral1
Sample
doc2019291888001990.pdf.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
doc2019291888001990.pdf.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.mebareklam.com.tr
Port: 587
Username: meba@mebareklam.com.tr
Password: %2Ar34qs
Targets
-
-
Target
doc2019291888001990.pdf.exe
Turns off Windows Defender SpyNet reporting
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.