General
Target: DHL_119040 receipt document,pdf.exe
Size: 138KB
Sample: 211021-lm85xsaba6
MD5: 61e692e05bdbeff4a1bea19377912db6
SHA1: 5039ad90d9112ff1262b1cee94144fcb7b1fcd94
SHA256: 596a47f21a6bdd84b04be8426b613004885f142bdc0327e94185e54ce7027def
SHA512: 5f19697ae104ebc025821c79c678a5f470ff99349e506b6420642b7c72ab14609826a93692edbaa2698d6a7c9961712d39b01934000ee7f3e0e0a70ba27738f2
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_119040 receipt document,pdf.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: DHL_119040 receipt document,pdf.exe
  Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.msm.com.ec
Port: 587
Username: ventas@msm.com.ec
Password: MundoSano2021
Targets
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext