General
Target: SCANCOPY3892783-PDF.exe
Size: 1.2MB
Sample: 211206-g928nsgcb2
MD5: dd373ae45da1d4f797f38e2e356d329f
SHA1: 38efe558e2c1e721543f07e84bc8e0445b96d633
SHA256: 646ff740a579fad8c98875763bc0fc06335a88b922cdfd25b71b7e12cc0460f8
SHA512: 1cbe3ff1512d2de91adb330efaa65a4e00aba4c2edb83e8a9a9346c6068b6f6153f268bac6c50905cbcb76bc2e10fae5c573ae646c4c3849f68fe007e24b8a7a
Static task: static1
Behavioral task: behavioral1
  Sample: SCANCOPY3892783-PDF.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: SCANCOPY3892783-PDF.exe
  Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.alroman.com
Port: 587
Username: customercare@alroman.com
Password: abc@24638
Targets
Target: SCANCOPY3892783-PDF.exe
Score: 10/10
Signatures:
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext