General
-
Target
DHL-20210112-PDF.exe
-
Size
376KB
-
Sample
211201-vrzxgsebhp
-
MD5
9f306b99839580edc4d121870abb5b04
-
SHA1
0b2fc63e4edbf80a93366e7ec2e3e8aeffd7cc38
-
SHA256
f01dacce7e8eb48d0cbeda2e17dfd3d6f6494cb9d2b7a455256dd24e4110af7c
-
SHA512
bab1e630a21bf0e6b1f4da997598fe4477dda9d3c8e45effeb20521e28cfc3bb80a3404ec67868034219fd67a142cf21db95eb22e3b51639cc884d850e1e15d8
Static task
static1
Behavioral task
behavioral1
Sample
DHL-20210112-PDF.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
DHL-20210112-PDF.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alroman.com - Port:
587 - Username:
customercare@alroman.com - Password:
abc@24638
Targets
-
-
Target
DHL-20210112-PDF.exe
-
Size
376KB
-
MD5
9f306b99839580edc4d121870abb5b04
-
SHA1
0b2fc63e4edbf80a93366e7ec2e3e8aeffd7cc38
-
SHA256
f01dacce7e8eb48d0cbeda2e17dfd3d6f6494cb9d2b7a455256dd24e4110af7c
-
SHA512
bab1e630a21bf0e6b1f4da997598fe4477dda9d3c8e45effeb20521e28cfc3bb80a3404ec67868034219fd67a142cf21db95eb22e3b51639cc884d850e1e15d8
Score10/10-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-