General
Target: DHL000271121_pdf.exe
Size: 335KB
Sample: 211128-jkt7waggak
MD5: 0dbb08f269cdda59d9e0a5c3fa0c6f53
SHA1: 7d04e579ee6388b33195cb3536e6d2d555225191
SHA256: 99f848659803768bf6e0312c21b7cc5ae368516d253adc2c6869e89403d34836
SHA512: f21101aacad29b8374c61fa8b2db845bea2aaed325a08a0d41a0ec7f45d7d49a08b09babc2c11f43433cbc1e249b42e749779bc0b117d44b722a43845988dbb9
Static task: static1
Behavioral task: behavioral1
Sample: DHL000271121_pdf.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: DHL000271121_pdf.exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.stlwtgroup.com
Port: 587
Username: simon.ho@stlwtgroup.com
Password: Simon97292457
Targets
Target: DHL000271121_pdf.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext