General
Target: print_01.exe
Size: 526KB
Sample: 211201-kbc3nsahfj
MD5: 4e3ee76bf24ac96246ce7b31f9a92600
SHA1: ee31ce4cbecfa148264ce62989b4b44034ad17c3
SHA256: 7239068bcab3d2fe02a0a3faf8f703dc78c57fec8935bcd68f4a61e5de6ae07f
SHA512: 375000ceec75eb8d1c9efc40516fb067d07d978020be776895b4938051744e856120b4d9b929cef89c401cd59ddf42920d8da058c5f8139dc76c3e6d7a1bfffa
Static task: static1
Behavioral task: behavioral1
Sample: print_01.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: print_01.exe
Resource: win10-en-20211104
Malware Config
Extracted
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Extracted
snakekeylogger
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Targets
Target: print_01.exe
Size: 526KB
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext