General

Target: print_01.rar
Size: 488KB
Sample: 211201-rk5mlscggn
MD5: fb0fcfe1c1dd1230b7638168bb611148
SHA1: aca880d045efa7c1e640eff61124106b4c7625a9
SHA256: 64c77b664168d14cdf8e6f496dfb85843c1d5b24ffc7c6b5a7756a0872f6673b
SHA512: f7c5719c31de694a01e7305a889b01b4ed046622f21a1ab797c8c40abbc1c9560c7c61198a2789b061e8f6cbce7a15ebc317f1bfc070f285aa2edde37cff506f
Static task: static1

Behavioral task: behavioral1
Sample: print_01.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: print_01.exe
Resource: win10-en-20211104
Malware Config

Extracted
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234

Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.faks-allied-health.com
Port: 587
Username: info@faks-allied-health.com
Password: $Faks1234
Targets

Target: print_01.exe
Size: 526KB
MD5: 4e3ee76bf24ac96246ce7b31f9a92600
SHA1: ee31ce4cbecfa148264ce62989b4b44034ad17c3
SHA256: 7239068bcab3d2fe02a0a3faf8f703dc78c57fec8935bcd68f4a61e5de6ae07f
SHA512: 375000ceec75eb8d1c9efc40516fb067d07d978020be776895b4938051744e856120b4d9b929cef89c401cd59ddf42920d8da058c5f8139dc76c3e6d7a1bfffa
Score: 10/10

Signatures:
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext