General
Target: Statement.exe
Size: 571KB
Sample: 211201-psfmcafba6
MD5: 9cee10955eb4330bfba8abb81d83cb98
SHA1: 8c80ef728fec74d472edbac2fe8f5abb844a86b3
SHA256: b1aea37a6d2fdd3e3d8c646441891848969d92a2f4b88bfc084b4f7a51a88b28
SHA512: 7de20802fca5abd5ac7f7a265cdcac97447619f6de039f965d15d4a6c03d23435eaa279e30c895807f93b823130928df9571b3f67db52f3eda80119e9cd8619b
Static task: static1
Behavioral task: behavioral1
Sample: Statement.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Statement.exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Target: Statement.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext