General
Target: Overdue Invoice.exe
Size: 606KB
Sample: 211202-kq1saadedl
MD5: 70755074866112b39a6a999612898661
SHA1: 086a019502389944d5449ced3b004fca5dc27f4e
SHA256: 827cccb1a82b2c9b9391f38bc6ff3fb6ce41f3a4b9db17da871ca56393ade754
SHA512: 45b45c73c6ce3c363d966dc9fbbd202c6657f13f9fdfe1ba59d569eda5e45fd0fb95b55ac784469bf660683f6d1163b91c8a66c5e6f26a275bec4310e7e2ae11
Static task: static1
Behavioral task: behavioral1 - Sample: Overdue Invoice.exe - Resource: win7-en-20211014
Behavioral task: behavioral2 - Sample: Overdue Invoice.exe - Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
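The extracted block above is the sample's exfiltration channel: harvested data is sent over SMTP submission (port 587) to the configured mailbox, so the host, port and account are the most useful indicators the report yields. The script below is an added example, not part of the sandbox report or of the malware itself. It parses the config in the flattened "Key: value - Key: value" layout the report uses, then runs the two network-visible behaviours the report lists (SMTP exfiltration and an external-IP lookup) over constructed Sysmon-style connection events. The allow-list of mail clients and the set of IP-lookup hostnames are assumptions; the report does not name the lookup service the sample used.

```python
import re
from dataclasses import dataclass

# Constructed copy of the extracted Snake Keylogger config, in the report's
# "Key: value - Key: value" layout with the line breaks as extracted.
RAW_CONFIG = """Protocol: smtp- Host:
mail.agc.com.sa - Port:
587 - Username:
vijayakumar.singh@agc.com.sa - Password:
admin@admin$$"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(raw: str) -> dict:
    """Parse the flattened report text into {protocol, host, port, username, password}.
    Each value runs from its label up to the next ' - Label:' or the end of the text."""
    flat = " ".join(raw.split())          # join the broken lines into one string
    labels = "|".join(FIELDS)
    cfg = {}
    for field in FIELDS:
        m = re.search(rf"{field}:\s*(.*?)\s*(?:-\s*(?:{labels}):|$)", flat)
        if not m:
            raise ValueError(f"missing field {field}")
        cfg[field.lower()] = m.group(1).strip().rstrip("-").strip()
    cfg["port"] = int(cfg["port"])
    return cfg


@dataclass(frozen=True)
class NetEvent:
    """One outbound connection, e.g. a Sysmon event ID 3 record (constructed)."""
    image: str
    dest_host: str
    dest_port: int


# Assumed allow-list: processes expected to speak SMTP submission on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumed examples of public IP-lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_processes(events, cfg) -> dict:
    """Return {image: [reasons]} for processes that contact the configured SMTP
    endpoint from something other than a mail client, or that query an
    external-IP lookup service (both behaviours the sandbox reported)."""
    findings = {}
    for e in events:
        reasons = findings.setdefault(e.image, [])
        to_c2 = e.dest_host.lower() == cfg["host"].lower() and e.dest_port == cfg["port"]
        if to_c2 and _basename(e.image) not in MAIL_CLIENTS:
            reasons.append(f"smtp exfil to {cfg['host']}:{cfg['port']} from non-mail process")
        if e.dest_host.lower() in IP_LOOKUP_HOSTS:
            reasons.append(f"external IP lookup via {e.dest_host}")
    return {img: r for img, r in findings.items() if r}


# Constructed telemetry for one infected host; paths and the Chrome/Outlook noise are made up.
SAMPLE_EVENTS = [
    NetEvent(r"C:\Users\victim\Downloads\Overdue Invoice.exe", "checkip.dyndns.org", 80),
    NetEvent(r"C:\Users\victim\Downloads\Overdue Invoice.exe", "mail.agc.com.sa", 587),
    NetEvent(r"C:\Program Files\Microsoft Office\root\Office16\outlook.exe", "mail.agc.com.sa", 587),
    NetEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "www.example.com", 443),
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for image, reasons in flag_processes(SAMPLE_EVENTS, cfg).items():
        print(image)
        for r in reasons:
            print("  -", r)
```

Only the sample's own process is flagged: the legitimate Outlook connection to the same mail server on the same port is suppressed by the allow-list, which is the distinction a detection rule built from this config needs, since the C2 is an ordinary corporate mail host that real clients may also use.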
Targets
Target: Overdue Invoice.exe (the same 606KB file hashed under General)
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
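The last signature only records that SetThreadContext was called; the report does not say on which thread or why. The usual reason a dropper calls it on a freshly spawned child is process hollowing: CreateProcess with CREATE_SUSPENDED, WriteProcessMemory to replace the child's image, SetThreadContext to repoint the primary thread, then ResumeThread. The following is an added example, not part of the sandbox report, that classifies a constructed API-call trace by whether a SetThreadContext call completes that chain; the trace format, the process names and the handle values are all made up for the example.

```python
import re

CREATE_SUSPENDED = 0x4   # dwCreationFlags bit for CreateProcess*

# Constructed API trace: "<pid> <api> key=value ..." per line. Pid 2204 performs the
# full hollowing chain; pid 3100 calls SetThreadContext without a suspended child.
TRACE = """\
2204 CreateProcessW lpApplicationName=C:\\hypothetical\\target.exe dwCreationFlags=0x4 hProcess=0x1f8 hThread=0x1fc
2204 GetThreadContext hThread=0x1fc
2204 VirtualAllocEx hProcess=0x1f8 flProtect=0x40
2204 WriteProcessMemory hProcess=0x1f8
2204 SetThreadContext hThread=0x1fc
2204 ResumeThread hThread=0x1fc
3100 CreateProcessW lpApplicationName=C:\\hypothetical\\child.exe dwCreationFlags=0x0 hProcess=0x2a0 hThread=0x2a4
3100 SetThreadContext hThread=0x2a4
"""

LINE = re.compile(r"^(\d+)\s+(\w+)\s*(.*)$")


def parse_trace(text):
    """Yield (pid, api, {arg: value}) for each non-empty trace line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        pid, api, rest = m.groups()
        args = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        yield int(pid), api, args


def classify_set_thread_context(text):
    """Return {pid: verdict} for every pid that calls SetThreadContext.
    'process-hollowing' requires, in order and against one child:
      CreateProcess* with CREATE_SUSPENDED -> WriteProcessMemory(hProcess)
      -> SetThreadContext(hThread) -> ResumeThread(hThread).
    Any SetThreadContext that does not complete that chain is reported as
    'suspicious-SetThreadContext', matching the sandbox signature's granularity."""
    state = {}     # pid -> {"hProcess", "hThread", "written", "ctx"}
    verdict = {}
    for pid, api, a in parse_trace(text):
        s = state.setdefault(pid, {})
        if api.startswith("CreateProcess") and int(a.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
            s.update(hProcess=a.get("hProcess"), hThread=a.get("hThread"), written=False, ctx=False)
        elif api == "WriteProcessMemory" and s.get("hProcess") and a.get("hProcess") == s["hProcess"]:
            s["written"] = True
        elif api == "SetThreadContext":
            verdict.setdefault(pid, "suspicious-SetThreadContext")
            if s.get("hThread") and a.get("hThread") == s["hThread"] and s.get("written"):
                s["ctx"] = True
        elif api == "ResumeThread" and s.get("ctx") and a.get("hThread") == s["hThread"]:
            verdict[pid] = "process-hollowing"
    return verdict


if __name__ == "__main__":
    for pid, v in sorted(classify_set_thread_context(TRACE).items()):
        print(pid, v)
```

Tying the SetThreadContext call to the same hThread returned by a suspended CreateProcess, and requiring a prior WriteProcessMemory into that child, is what separates hollowing from the benign uses of the API (debuggers, some runtimes) that would otherwise trip a bare "SetThreadContext seen" rule.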