General

Target: Order Proposal CAMEWOULD ELECTRICAL LTD.exe
Size: 647KB
Sample: 211129-v8w7xsfef2
MD5: 1f9cf73ba24dfcfa58a0c246a45615da
SHA1: fc457c6cc43383e37f44be729d60aad7c0f9fe6c
SHA256: 7b20f113dbca97ddeeae7d8b9e31fc95a559bbaf74313900c372b809f2900fd1
SHA512: fce260efee3eb5604f0dbe956f429971b17a4ab786e46cb6fad70dbabcaadfac683b9d05428ecbc1acc4c88c719e75d43cc49e1e1b1638577f4fcbd5a13b27f4
Static task: static1

Behavioral task: behavioral1
  Sample: Order Proposal CAMEWOULD ELECTRICAL LTD.exe
  Resource: win7-en-20211014

Behavioral task: behavioral2
  Sample: Order Proposal CAMEWOULD ELECTRICAL LTD.exe
  Resource: win10-en-20211104
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.swissunionch.com
Port: 587
Username: kelvin1@swissunionch.com
Password: usV(xxUWCa;u
Targets

Target: Order Proposal CAMEWOULD ELECTRICAL LTD.exe
Score: 10/10

- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext