General
- Target: new order 00041221.rar
- Size: 321KB
- Sample: 211022-jk5cvabcd5
- MD5: 9ab19329038ee26756033a78adc476ae
- SHA1: 4fe6b0e1fc4a7dd0ac1dfcfc90c86278c0ab3d15
- SHA256: 0ab310f143011b37d3bf5c57a86784542ee9e153e4fbfb259d7f038a2436a505
- SHA512: a9ca2f502d83d19e5aadd2eea0af8153f01d27c2a8f7ecc3f5c8b55d9210e2b017a8767c64413a9a9261c920795979ada7f3c7404f0e66ba8a17523b3416eb6a
Static task
- static1

Behavioral task
- behavioral1
  - Sample: new order 00041221.exe
  - Resource: win7-en-20210920

Behavioral task
- behavioral2
  - Sample: new order 00041221.exe
  - Resource: win10-en-20211014
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: gwen@sovartrade.com
- Password: iwRaBVG6
- https://api.telegram.org/bot2043981125:AAGaa5K6uc5rV5LARENbXhpoD0InPrKgKJI/sendMessage?chat_id=2062013058
Targets
- Target: new order 00041221.exe
- Size: 461KB
- MD5: 478be5314f4b786f9ec75b2f86505743
- SHA1: bb53424b79bdab45985441072ccf65a9f999b4d0
- SHA256: 4995d93769866b4ac6e5f3b549ce0406f8fe2cc7e1c8724d3130193da6723c62
- SHA512: 37793b7ec135e629378e8091acea6a26623f8c46e17bddb37bf3e05d58f289a683ee45bc782698268851586bdf10d040bd9e4aae84f2fe1067a6251f2a11abd1
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext