General

Target: ORDER PROPOSAL.exe
Size: 329KB
Sample: 211125-vejdzabbg4
MD5: 7fbad1014655c5f3ca235f6790ee01cb
SHA1: 80634496f849ab2be5b29831ab7999cbf1af8b4a
SHA256: 8bbec052a81e3229e7046cc4a3904499d44726f1ec554cc5e8daad1c8bd9e742
SHA512: f660e48e39691294aa9cb84aaf70a3c4c74bb370b77f5f304421cccf28d81ba49be79fd7af09b35c78b6e2a1f0db4826cd881c6d0aa933537de7f8b20179b1a1
Static task: static1

Behavioral task: behavioral1
Sample: ORDER PROPOSAL.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: ORDER PROPOSAL.exe
Resource: win10-en-20211104
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: admin@siemens-energy.cam
Password: antivenom
Telegram Bot API URL: https://api.telegram.org/bot2117364747:AAFeHN5f_ugt1Q3HJuvL_qsM-dbw2nk2poc/sendMessage?chat_id=1996621743
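The extracted config above gives two exfiltration channels, SMTP submission on port 587 and a Telegram Bot API call, and both can be turned into hunt indicators. The following is an added example, not part of this sandbox report or its tooling: it parses the config values as listed on this page into indicators (the SMTP endpoint and mailbox, the Telegram bot token and chat_id embedded in the URL) and runs them over a handful of constructed proxy/firewall/SMTP log lines. The log line format and the field names in it are assumptions made for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Values exactly as extracted in the report above (not constructed).
EXTRACTED = {
    "family": "snakekeylogger",
    "protocol": "smtp",
    "host": "mail.privateemail.com",
    "port": 587,
    "username": "admin@siemens-energy.cam",
    "telegram_url": (
        "https://api.telegram.org/bot2117364747:AAFeHN5f_ugt1Q3HJuvL_qsM-dbw2nk2poc"
        "/sendMessage?chat_id=1996621743"
    ),
}

# Telegram Bot API URLs carry the bot token in the path: /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)


def parse_telegram_url(url):
    """Split a Telegram Bot API URL into host, bot id, full token, method and chat_id."""
    parsed = urlparse(url)
    m = TELEGRAM_BOT_RE.search(parsed.path)
    if parsed.hostname != "api.telegram.org" or m is None:
        raise ValueError("not a Telegram Bot API URL: %r" % url)
    chat_id = parse_qs(parsed.query).get("chat_id", [None])[0]
    return {
        "host": parsed.hostname,
        "bot_id": m["bot_id"],
        "token": "%s:%s" % (m["bot_id"], m["secret"]),
        "method": m["method"],
        "chat_id": chat_id,
    }


def iocs_from_config(cfg):
    """Derive network indicators from an extracted Snake Keylogger config."""
    tg = parse_telegram_url(cfg["telegram_url"])
    return {
        "hosts": {cfg["host"], tg["host"]},          # low fidelity on their own
        "smtp_endpoint": (cfg["host"], cfg["port"]),
        "smtp_user": cfg["username"],                 # high fidelity: attacker mailbox
        "telegram_token": tg["token"],                # high fidelity: attacker bot
        "telegram_chat_id": tg["chat_id"],
    }


def scan_log(lines, iocs):
    """Return (line_index, reason) for every log line that hits an indicator.

    Checks are ordered from most to least specific so a line gets the
    strongest reason that applies. A bare hostname match (api.telegram.org,
    the mail provider) is weak evidence and is reported as such.
    """
    hits = []
    for i, line in enumerate(lines):
        lowered = line.lower()
        if iocs["telegram_token"] in line:
            hits.append((i, "high: Telegram bot token from config in URL"))
        elif iocs["smtp_user"].lower() in lowered:
            hits.append((i, "high: SMTP AUTH as exfil mailbox from config"))
        elif any(h in lowered for h in iocs["hosts"]):
            hits.append((i, "low: connection to host named in config"))
    return hits


# Constructed log lines for the example; format and field names are assumptions.
SAMPLE_LOG = [
    "2021-11-25T14:02:11Z proxy src=10.0.0.21 dst=api.telegram.org:443 sni=api.telegram.org",
    "2021-11-25T14:02:12Z proxy src=10.0.0.21 method=POST url=" + EXTRACTED["telegram_url"],
    "2021-11-25T14:03:40Z fw src=10.0.0.21 dst=mail.privateemail.com:587 proto=tcp action=allow",
    "2021-11-25T14:03:41Z smtp src=10.0.0.21 AUTH LOGIN user=admin@siemens-energy.cam result=ok",
    "2021-11-25T14:05:00Z proxy src=10.0.0.33 method=GET url=https://www.example.com/",
]

if __name__ == "__main__":
    for idx, reason in scan_log(SAMPLE_LOG, iocs_from_config(EXTRACTED)):
        print(idx, reason, "::", SAMPLE_LOG[idx])
```

The bot token and the mailbox username are the indicators worth alerting on; api.telegram.org and mail.privateemail.com are shared infrastructure, so a hostname hit alone only narrows a hunt. Note that the Telegram call is HTTPS, so the token in the path is only visible in logs where TLS is terminated or inspected; without that, the hostname (DNS or SNI) is all a network sensor sees, and host-level detection should then be corroborated with endpoint telemetry such as the Outlook profile access recorded below.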
Targets

Target: ORDER PROPOSAL.exe (329KB; hashes as listed under General)
Score: 10/10

Signatures:
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.