General
Target: PURCHASE ORDER.exe
Size: 604KB
Sample: 211203-rqch1sghal
MD5: a6ffb00132dd3d3bd4efd4a277b2053a
SHA1: 691f70aee58eba1ceae835f4ea123880be1e0b04
SHA256: fac76dce20527e0d385d72be5f7d39319b516c6d834940ec42ca270bf8fb70b6
SHA512: 28f15e590e8b6697add3ff5f889506716fb10b7c23ae856ccfaf766fc8d34ab7eaa6afb02f09cfe8c99c78d96c2e9735513e8b1f1adce4902d137f8012f5668e
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: PURCHASE ORDER.exe
Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: antivenom
Targets
Target: PURCHASE ORDER.exe
Size: 604KB
MD5: a6ffb00132dd3d3bd4efd4a277b2053a
SHA1: 691f70aee58eba1ceae835f4ea123880be1e0b04
SHA256: fac76dce20527e0d385d72be5f7d39319b516c6d834940ec42ca270bf8fb70b6
SHA512: 28f15e590e8b6697add3ff5f889506716fb10b7c23ae856ccfaf766fc8d34ab7eaa6afb02f09cfe8c99c78d96c2e9735513e8b1f1adce4902d137f8012f5668e
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext