General

Target: INVOICE -PAYMENT PROCESS-PDF.exe
Size: 491KB
Sample: 211201-psxwmacaek
MD5: 9ca3be9c6a23b1ebb37bece4d523ab7d
SHA1: bea611ab0c951eee30992af46c98cef98f52ed73
SHA256: 23b482ed9007975bea94a8e5847a5cc2ed3e1c628cb33aec704110795448f1c8
SHA512: 4790bb40f74d10f749690adf7d961e7cb69e14a4f93ccd57272367f652ad3521894ec422a50626197250f9f4b0b402330983e6282c77c760789b9436383865d5
Static task: static1

Behavioral task: behavioral1
Sample: INVOICE -PAYMENT PROCESS-PDF.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: INVOICE -PAYMENT PROCESS-PDF.exe
Resource: win10-en-20211104
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.alroman.com
Port: 587
Username: customercare@alroman.com
Password: abc@24638
Targets

Target: INVOICE -PAYMENT PROCESS-PDF.exe
Size: 491KB
Score: 10/10

- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext