General

Target: Due Invoice.exe
Size: 361KB
Sample: 211203-lr7snagabm
MD5: fee89edf9ce8a64002427441586b9398
SHA1: 59af280c214554fb9f15e3d6c3be307db897d27b
SHA256: 16ddf0f2279fcf3c7a73602d8d4d54c61b8685028b04b90663947bef4b784698
SHA512: 8deba7d7cf85568ca8565aeb9d04b7f6f6e2340cef7f2ce09c07ca40189ca24c513a79424d647cde4ca497b6ad5c3579010e3d193aac5a8f2f6388efc7d85201
Static task: static1
Behavioral task: behavioral1 (sample: Due Invoice.exe, resource: win7-en-20211104)
Behavioral task: behavioral2 (sample: Due Invoice.exe, resource: win10-en-20211014)
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
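The extracted config identifies the exfiltration endpoint only by hostname and port, and the report identifies the sample only by digest. The Python below is an added example, not part of the sandbox report, that turns those two facts into checks a responder can run: it joins the C2 hostname to Zeek-style dns.log answers, uses the resolved addresses to pick out conn.log sessions to the submission port, and verifies a file against all three shorter digests from the report rather than MD5 alone. The log column layouts, the second hostname, and every IP address are constructed for the example; only mail.agc.com.sa, port 587 and the digests come from the report.

```python
import hashlib

# Indicators copied from the report above (SnakeKeylogger SMTP exfiltration config).
EXFIL_HOST = "mail.agc.com.sa"
EXFIL_PORT = 587
SAMPLE_HASHES = {
    "md5": "fee89edf9ce8a64002427441586b9398",
    "sha1": "59af280c214554fb9f15e3d6c3be307db897d27b",
    "sha256": "16ddf0f2279fcf3c7a73602d8d4d54c61b8685028b04b90663947bef4b784698",
}


def file_hashes(data: bytes) -> dict:
    """Lower-case hex MD5/SHA1/SHA256 of a file's bytes, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only if every digest matches the report; one algorithm alone is not enough."""
    return file_hashes(data) == SAMPLE_HASHES


def resolved_ips(dns_lines, hostname: str) -> set:
    """Answers for `hostname` from Zeek dns.log-style lines.
    Assumed columns (tab-separated): ts, client, query, answers (comma-separated)."""
    ips = set()
    for line in dns_lines:
        _ts, _client, query, answers = line.rstrip("\n").split("\t")
        if query.lower().rstrip(".") == hostname.lower():
            ips.update(a for a in answers.split(",") if a)
    return ips


def exfil_connections(conn_lines, dns_lines, hostname=EXFIL_HOST, port=EXFIL_PORT):
    """(client, server, ts) for TCP sessions to the C2 mail host on the submission port.
    The config gives only a hostname, so conn.log addresses are joined via the DNS answers.
    Assumed columns (tab-separated): ts, orig_h, resp_h, resp_p, proto."""
    targets = resolved_ips(dns_lines, hostname)
    hits = []
    for line in conn_lines:
        ts, orig_h, resp_h, resp_p, proto = line.rstrip("\n").split("\t")
        if proto == "tcp" and int(resp_p) == port and resp_h in targets:
            hits.append((orig_h, resp_h, ts))
    return hits


# Constructed sample logs for the demonstration (not taken from the report).
# 203.0.113.0/24 is the RFC 5737 documentation range; the answers are made up.
DNS_LOG = [
    "1638530401.10\t10.0.0.7\tmail.agc.com.sa\t203.0.113.25",
    "1638530402.20\t10.0.0.9\tupdate.example.com\t203.0.113.80",
]
CONN_LOG = [
    "1638530401.50\t10.0.0.7\t203.0.113.25\t587\ttcp",   # keylogger exfil session
    "1638530403.00\t10.0.0.9\t203.0.113.80\t443\ttcp",   # unrelated HTTPS
    "1638530404.00\t10.0.0.7\t203.0.113.25\t53\tudp",    # same host, wrong port/proto
]

if __name__ == "__main__":
    for client, server, ts in exfil_connections(CONN_LOG, DNS_LOG):
        print(f"{ts}: {client} -> {server}:{EXFIL_PORT} ({EXFIL_HOST})")
    print("bytes match reported sample:", is_known_sample(b"not the sample"))
```

Port 587 on its own is not an indicator, since workstations legitimately submit mail there; the match is on the resolved C2 host, which is why the DNS join matters. The username and password in the config are live SMTP credentials for someone's mailbox, so alongside blocking the host the account owner needs to be told to rotate them.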
Targets

Target: Due Invoice.exe (361KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Score: 10/10

- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the call used to redirect a thread after writing into another process, typical of process injection and hollowing)