General
-
Target
AMENDED INVOICE & COO DOCS.exe
-
Size
415KB
-
Sample
211021-wj6kqsbdhr
-
MD5
d693f58558538c9e8daf36fbd374db55
-
SHA1
25f77f246f27956647f2d4ddab85da100431d129
-
SHA256
01cccbd3a723331004dbf8de510380d5c328b8f3d8ae936fb4b9dd4f6259e532
-
SHA512
dc6cc23407f4a25645704202e6b81dd092a972bd7c5123612fed9d3bfc57823534ad443c036f70f1e843891b3dc7f977f002561de2292f2ea7fd1dda8f1e68cb
Static task
static1
Behavioral task
behavioral1
Sample
AMENDED INVOICE & COO DOCS.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
AMENDED INVOICE & COO DOCS.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839
Targets
-
-
Target
AMENDED INVOICE & COO DOCS.exe
-
Size
415KB
-
MD5
d693f58558538c9e8daf36fbd374db55
-
SHA1
25f77f246f27956647f2d4ddab85da100431d129
-
SHA256
01cccbd3a723331004dbf8de510380d5c328b8f3d8ae936fb4b9dd4f6259e532
-
SHA512
dc6cc23407f4a25645704202e6b81dd092a972bd7c5123612fed9d3bfc57823534ad443c036f70f1e843891b3dc7f977f002561de2292f2ea7fd1dda8f1e68cb
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-