General
Target: doc2019291888001990.pdf.exe
Size: 47KB
Sample: 211021-lnrx2aabb3
MD5: 3c91dc241b4a5eacf2f38f942b9be889
SHA1: 407ebbf273319a0f39c21d286c44c8b1170267d6
SHA256: dcb7cdefcf20a1e8320b1f4e89f0b8ba4e43062da33ba5a4c422cd7b0046630a
SHA512: e6f8587cb167631de7e583c9f4af811a4a3262991d05bfd47bcef06c6a134027b6717046cc5f0a171b88d135a7146b7ddf8c710b669f3685752ac293f507a253
Static task: static1
Behavioral task: behavioral1
Sample: doc2019291888001990.pdf.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: doc2019291888001990.pdf.exe
Resource: win10-en-20211014
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.mebareklam.com.tr
Port: 587
Username: meba@mebareklam.com.tr
Password: %2Ar34qs
Targets
Target: doc2019291888001990.pdf.exe
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.