General
Target: ABONOF2201.rar
Size: 13KB
Sample: 211022-a7ax3sbhdp
MD5: bbbd1d80d1a84839cc20ed1fa0d23af9
SHA1: 9c5f123dbb5189f6b5bb7a95e5c2d9d3337337c0
SHA256: abc67a95ab224424937d57ef4548ac83d968073187a1ef3420b6e4be923b0819
SHA512: 24f153ed843223f26ac29b78e820ba200f7bf79bebfea99a8780b7f4f4691c683927828aeaed62c146f359e71ee9241eb9814ad81d77eb638ad601c9e3a0368a
Static task: static1

Behavioral task: behavioral1
Sample: ABONOF2201.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: ABONOF2201.exe
Resource: win10-en-20210920
Malware Config
Extracted
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Extracted
snakekeylogger
Targets
Target: ABONOF2201.exe
Size: 29KB
MD5: 60b7234e2b5e6a5ddabb7d75cfdeff6c
SHA1: 090ea9932d6da7a60a3722eb1669232a8c61ae4f
SHA256: 4a5598be99ca4ebe219cb23bc2af78832aa686abae6ca23019e1f2a8e1fa6f63
SHA512: b456856e51682cd7b7e9ed0a3e7824516ecb788bf9a45d0f05dfc37eb642a7f0eb4602422354c951b098cd5179f16e9b2b2be0f92185c0369aa1ad438e695cee
Score: 10/10
Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext