General
Target: Purchase Order.exe
Size: 950KB
Sample: 211208-hdjbcsgcbr
MD5: 9c31f5e68471743116a36daafdcb4786
SHA1: 1298ebc4f06c319b05a2b448eaf4931737203d64
SHA256: 17e9ee6953eec4fa0a69b8c11e02d4656e41338697a435e58e0fd8bfa1f00183
SHA512: 859de421e3f17a090092435348f0bedd8dc276ee90457bf0ad873b7620f57cca9cefc36addb718928e27c68316276f2eafaf73c129637ceb26752dffe2e84373
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Purchase Order.exe
Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Target: Purchase Order.exe (950KB; hashes as listed under General)
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext