General
Target: ORDER INQUIRY-PVP-SP-2021-59.zip
Size: 413KB
Sample: 211127-glbe2scbe7
MD5: 10791efbf3a5edd898dea687f99ce49d
SHA1: 657638ffb260d46a7e83fab621d44b3fa945012e
SHA256: e6382f39e59a7a9ee50266d28cd9ff170879d6afe9c4a7d955905c34a860af38
SHA512: 1548363156bb7155d96a36356fc12adc175d6c1444f8a2b929580a5cf7508199f3223a3265e074998fe160b094cb006ef557deac358bb88523ccae514aa67f52
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER INQUIRY-PVP-SP-2021-59.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: ORDER INQUIRY-PVP-SP-2021-59.exe
  Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: gwen@sovartrade.com
Password: iwRaBVG6
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839
Targets
Target: ORDER INQUIRY-PVP-SP-2021-59.exe
Size: 603KB
MD5: c5f854e1182088e92599cb6a6fe61146
SHA1: 7faf17578a8764f2e43109a4ffcc251d601fe168
SHA256: a1d3d73284b65272004821c267cb29a89aa26d827652ef0a91d6aac2b486d07a
SHA512: 92e4d576abdc7dbfe54a1a10dac6452fb38d272234f0dc3c4e5bcbbb28db012a72452cb4769aa75ee358d64cfe2b03f42b69db484090937675d27dd4fa1efde1
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext