General

Target: REMITTANCE-54324.rar
Size: 13KB
Sample: 211022-a98bcsbab6
MD5: a3462ed2b4c1c6085669c166a158ae2c
SHA1: 87ab5a6be6955451f60cfabf8ee7769bdb4473e0
SHA256: a6fa7c305d258b74fdceb878a9b3cfb9e72282c4fb05446dcc73277417bd390f
SHA512: 7b380b53df9ef9fa5d8d17e66668148b91f107ad11ca4d51842009a10ca4bc628076941d242a362a4c980cfc52e956e8f813b8889301009fbdf5820ff0a689d4
Static task: static1

Behavioral task: behavioral1
Sample: REMITTANCE-54324.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: REMITTANCE-54324.exe
Resource: win10-en-20210920
Malware Config

Extracted
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234

Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Targets

Target: REMITTANCE-54324.exe
Size: 28KB
MD5: d1602f43a72b497f501bec1150b520c8
SHA1: a28172657ca7ae75d968083353db54d60e7de255
SHA256: d680af235ea93680099f6cb6a36ff588ef23eaa95e7e43dde89d82866117b42c
SHA512: 5560065420e52266c1d4d9464c17bf0f162e0685f07674a3335718ead5413464da4ff507ce079ad4730973a8f12452d7e791a14ebbbb7c2f156b9ea6e130dad6
Score: 10/10

Signatures:
Accesses Microsoft Outlook profiles
Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
Suspicious use of SetThreadContext