General
Target: BANK SLIP.exe
Size: 968KB
Sample: 211207-mxawjsggfj
MD5: b8a51c2e7894dc9740df407ac48ebac1
SHA1: d56d487d95d030ee2a2de2537ff96085087c32cd
SHA256: 2b4173dd7ab1163a08c7d6a9ad25dd3bef1cd2d7f9277807ee04ede858d5964c
SHA512: 40036c10165c94df6cf243c383bb7943ffa8dfed38c1a8d912be81c80b7364f1cf6b3bbaf32429b136d2c457ea4527f6811c28126009c392e36ab93e7270ee1f
Static task: static1
Behavioral task: behavioral1
Sample: BANK SLIP.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: BANK SLIP.exe
Resource: win10-en-20211014
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext