General
Target: Invoice.exe
Size: 911KB
Sample: 211207-mxawjsbfg3
MD5: 0bc78923cd459f32b22143e218d36f9e
SHA1: 6277fdb6265e0910fc8ff723b1cc117d5c3a77c1
SHA256: 38cf5f384013f4abee761fc5f076afbf41a44fc270d1fe2c4340dc0d1fa43e4e
SHA512: 325fbcaeba29408a80cb45b28baaf0ffc021e789807c42d2c928ffa4e9e5598f8977e1d3df3e6af4e6fe0328cca4a786fd1e94a38d103c58df2c7bb199ba1020
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Invoice.exe
  Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Target: Invoice.exe (same sample, size and hashes as listed under General above)
Score: 10/10
Signatures:
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext