General

Target: Purchase Order No. 286353 - Copy.scr
Size: 571KB
Sample: 211203-kgwrzafgej
MD5: 6e34a3c0b8b6a663a9f236085e450d41
SHA1: 77b4a1dc260c068a81acc20b3b8e5a968a314055
SHA256: 5b37a1197dd6866cf0b617735b9f2009cf49dbd065ab46d7a6f36e76d069812b
SHA512: 2f9422f081bb70658b218e5e2b29c2461f151c962ed7db81c803427abbfe56410e727c0090dda1caf0cc2c5b09ffc76593d8956c930c9d12ff833a40378fda7f
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: Purchase Order No. 286353 - Copy.scr; resource: win7-en-20211104)
Behavioral task: behavioral2 (sample: Purchase Order No. 286353 - Copy.scr; resource: win10-en-20211014)
Malware Config

Extracted family: snakekeylogger
Protocol: smtp
Host: mail.jhllogistic.com
Port: 26
Username: sunny@jhllogistic.com
Password: jhlsunny168

These are the exfiltration mailbox credentials embedded in the sample: the keylogger sends its harvested data by SMTP to this account. Treat the host, the non-standard SMTP port and the username as network indicators for this sample.
Targets

Target: Purchase Order No. 286353 - Copy.scr
Score: 10/10

Signatures

Accesses Microsoft Outlook profiles
Reads stored mail-client profile data, consistent with the credential harvesting this family performs.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is a common step in process injection and process hollowing; on its own it is not proof of injection, so correlate it with the file and network indicators above.
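As an added example (not part of the sandbox report), the Python script below turns the report's indicators into checks a responder can run: it hashes a file against the sample's MD5/SHA256, scans connection logs for SMTP to the extracted exfiltration host and port, flags SMTP on non-standard ports, flags contacts to external-IP lookup services, and correlates a lookup followed by SMTP exfiltration from the same source host. The log format and log lines are constructed for illustration; the list of IP-lookup services is an assumption, since the report only says a legitimate lookup service was used without naming it.

```python
"""Operationalise the report's IOCs against file hashes and network logs.

Added example, not part of the sandbox report. Hashes, SMTP host, port and
username come from the report; the log format, log lines and the list of
IP-lookup services are constructed/assumed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass

# IOCs copied from the report.
SAMPLE_SHA256 = "5b37a1197dd6866cf0b617735b9f2009cf49dbd065ab46d7a6f36e76d069812b"
SAMPLE_MD5 = "6e34a3c0b8b6a663a9f236085e450d41"
SMTP_HOST = "mail.jhllogistic.com"
SMTP_PORT = 26
SMTP_USER = "sunny@jhllogistic.com"

# Assumption: services commonly queried for an external IP. The report does
# not name the one this sample used, so extend this set from your own telemetry.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    reason: str
    line: str


def file_matches_report(data: bytes) -> bool:
    """True if the bytes hash to the report's SHA256 or MD5."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            or hashlib.md5(data).hexdigest() == SAMPLE_MD5)


# Constructed log format: "<timestamp> <src_ip> <proto> <dst_host>:<dst_port>"
LOG_RE = re.compile(r"^\S+ (?P<src>\S+) (?P<proto>\S+) (?P<dst>[^:\s]+):(?P<port>\d+)$")


def scan_log(lines):
    """Return one Hit per log line that matches a report-derived indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the constructed format; skip rather than guess
        src, proto = m["src"], m["proto"].lower()
        dst, port = m["dst"].lower(), int(m["port"])
        if dst == SMTP_HOST and port == SMTP_PORT:
            hits.append(Hit(n, src, "smtp-exfil-c2", line))      # exact config match
        elif proto == "smtp" and port not in (25, 465, 587):
            hits.append(Hit(n, src, "smtp-nonstandard-port", line))
        elif dst in IP_LOOKUP_HOSTS:
            hits.append(Hit(n, src, "external-ip-lookup", line))  # "Looks up external IP"
    return hits


def suspects(hits):
    """Sources that performed an external-IP lookup and later spoke SMTP to the C2."""
    looked_up = set()
    flagged = set()
    for h in hits:  # hits are in log order, so "later" is just "seen after"
        if h.reason == "external-ip-lookup":
            looked_up.add(h.src)
        elif h.reason == "smtp-exfil-c2" and h.src in looked_up:
            flagged.add(h.src)
    return flagged


# Constructed sample log: one host behaving like the sample, two benign hosts.
SAMPLE_LOG = [
    "2021-12-03T10:00:01Z 10.0.0.15 dns checkip.dyndns.org:53",
    "2021-12-03T10:00:02Z 10.0.0.15 http checkip.dyndns.org:80",
    "2021-12-03T10:00:05Z 10.0.0.15 smtp mail.jhllogistic.com:26",
    "2021-12-03T10:01:00Z 10.0.0.22 smtp smtp.office365.com:587",
    "2021-12-03T10:02:00Z 10.0.0.22 https www.example.com:443",
    "2021-12-03T10:03:00Z 10.0.0.30 smtp 203.0.113.9:2525",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no} {h.reason}: {h.line}")
    print("suspect hosts:", suspects(scan_log(SAMPLE_LOG)))
```

The lookup-then-SMTP correlation is the useful part: an external-IP lookup alone is noisy, but one followed by SMTP to the extracted host on port 26 from the same source is a strong match for this configuration.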