General
Target: Purchase order.zip
Size: 916B
Sample: 211021-xant1aafc5
MD5: aa55e24d0f0ed900817fdb2ff0f57f53
SHA1: 2f0ea8b2f576f8c0fd139ffe93d87e588eaba4ae
SHA256: df6411dba3e979035e8a216d9e50972f5934de768f905b40068b1049db365ee3
SHA512: 3b2bced17abcd7c807c94f5e7d14457bc5b048daf8ce085fd293f18a6827fd7c5b2ad2e33fde74b1a6e9eae66140da394bf1d9c47ca3bddf8ffd8ff49a4cfe55
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase order.VBS
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Purchase order.VBS
  Resource: win10-en-20210920
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.live.com
Port: 587
Username: deniyi334@hotmail.com
Password: shitturilwan334
Targets
Target: Purchase order.VBS
Size: 2KB
MD5: 551fde9593f19dc3fd9cc79f7f08e4cb
SHA1: 2a57ca45c2720dd7e08cc0e2b6ced80a782c54b3
SHA256: b5fe0465468c4e7db32ba8d57f8d857a03b6e0a905d91627fb76e32aed85a4e1
SHA512: 0238490e34b40a54806fb5ccab60d241ac997209324c76aeddec7636a91f67ce9a278b636445ed33d4ebfb2042c9e5d8080438b4ed3b7ea74d49d1fddccb7b21
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext