General
- Target: Scan_Q00 No1972.doc
- Size: 18KB
- Sample: 211130-w4wk9sbad8
- MD5: 51d489be9ebb175ec0d320784f160ac8
- SHA1: 9440984a6c2c2f6a6892c74b9a01deaa61eadbea
- SHA256: 66db3a065d7d24f23677c12fe68571adfb24e0579c4367574840f285026da8b2
- SHA512: 98035d914f103e4b8688e7990d12d8590182a4f340a52805e65c8d9954ffb54d57b34f44ea259a7fbf17ef659391dde84ff1de7bacca486077fb0389a7318fab
Static task: static1
Behavioral task: behavioral1
- Sample: Scan_Q00 No1972.doc
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: Scan_Q00 No1972.doc
- Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.palladiumss.com
- Port: 587
- Username: raman@palladiumss.com
- Password: raman@1210
Targets
- Target: Scan_Q00 No1972.doc
- Size: 18KB
- MD5: 51d489be9ebb175ec0d320784f160ac8
- SHA1: 9440984a6c2c2f6a6892c74b9a01deaa61eadbea
- SHA256: 66db3a065d7d24f23677c12fe68571adfb24e0579c4367574840f285026da8b2
- SHA512: 98035d914f103e4b8688e7990d12d8590182a4f340a52805e65c8d9954ffb54d57b34f44ea259a7fbf17ef659391dde84ff1de7bacca486077fb0389a7318fab
Score: 10/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
-