General
-
Target
PO#4801_pdf.exe
-
Size
1.2MB
-
Sample
211206-tbmfsahdb5
-
MD5
e328fd1e861c6f3dbb5028d3f6dfbf30
-
SHA1
46de60266b3d2a1cd2ef5a3c7b9c5fc8a4b087f2
-
SHA256
c660d6a834aa41d44968e788436c795767f7480b92eae198f4dc2306c69e113b
-
SHA512
5f47e967e87897cda37821380920234ec9cef2bdcb7f410c2d55a33875864c417223bb943d6296fdbfa845d7676c58af8865f6e89e26b507f559484876a06792
Static task
static1
Behavioral task
behavioral1
Sample
PO#4801_pdf.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
PO#4801_pdf.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.xclean24.mk - Port:
587 - Username:
tevex@xclean24.mk - Password:
@G+L{.VjI_mg
Targets
-
-
Target
PO#4801_pdf.exe
-
Size
1.2MB
-
MD5
e328fd1e861c6f3dbb5028d3f6dfbf30
-
SHA1
46de60266b3d2a1cd2ef5a3c7b9c5fc8a4b087f2
-
SHA256
c660d6a834aa41d44968e788436c795767f7480b92eae198f4dc2306c69e113b
-
SHA512
5f47e967e87897cda37821380920234ec9cef2bdcb7f410c2d55a33875864c417223bb943d6296fdbfa845d7676c58af8865f6e89e26b507f559484876a06792
Score10/10-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-