General
Target: ABONOF2201.exe
Size: 29KB
Sample: 211021-t63q9aaee5
MD5: 60b7234e2b5e6a5ddabb7d75cfdeff6c
SHA1: 090ea9932d6da7a60a3722eb1669232a8c61ae4f
SHA256: 4a5598be99ca4ebe219cb23bc2af78832aa686abae6ca23019e1f2a8e1fa6f63
SHA512: b456856e51682cd7b7e9ed0a3e7824516ecb788bf9a45d0f05dfc37eb642a7f0eb4602422354c951b098cd5179f16e9b2b2be0f92185c0369aa1ad438e695cee
Static task: static1
Behavioral task: behavioral1
Sample: ABONOF2201.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: ABONOF2201.exe
Resource: win10-en-20211014
Malware Config
Extracted
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Extracted
snakekeylogger
Targets
Target: ABONOF2201.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext