General
Target: DHL-20211130-pdf.exe
Size: 432KB
Sample: 211129-v8ww6acecm
MD5: 846c6958b91446fdf7984036de12312a
SHA1: 982cada5dc8eab584b686d9bd86e7622531b0454
SHA256: 8900dcc6381458bd65b62db8c05181a467d41a5d7f5686cda696655973371920
SHA512: 05010da970297e22432685bbfd97737c73f65e3e1dbcdc10f8191718a8a890c0cf916102c32d53693c42298bcc5194fcc747ef6bd6b9dd34e1a184e5c26ba800
Static task: static1
Behavioral task: behavioral1
Sample: DHL-20211130-pdf.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: DHL-20211130-pdf.exe
Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.stlwtgroup.com
Port: 587
Username: simon.ho@stlwtgroup.com
Password: Simon97292457
Targets
Target: DHL-20211130-pdf.exe
Size: 432KB
MD5: 846c6958b91446fdf7984036de12312a
SHA1: 982cada5dc8eab584b686d9bd86e7622531b0454
SHA256: 8900dcc6381458bd65b62db8c05181a467d41a5d7f5686cda696655973371920
SHA512: 05010da970297e22432685bbfd97737c73f65e3e1dbcdc10f8191718a8a890c0cf916102c32d53693c42298bcc5194fcc747ef6bd6b9dd34e1a184e5c26ba800
Score: 10/10
Signatures:
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext