General
Target: Jayaswal Neco Industries - Products List.exe
Size: 1.1MB
Sample: 211208-q9t2qsagar
MD5: ab36c4e12791b5df2fcff6b45d232195
SHA1: 34b969eaa12a1f51f2c0aacdb61ab386907f27a7
SHA256: 44b764e014bc56b28a3b803ca10758d94a3f0ad587835c0104a16f7968feb234
SHA512: ac5e7e61d117eb08bc5e4eb96ffcfb040a3f57d48b403a1dcafc3b49c62a96dce04dec2623b62167a61aef3abc29efcf0c8836c9b1ac943a921d4841f0dc17ed
Static task: static1
Behavioral task: behavioral1
Sample: Jayaswal Neco Industries - Products List.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Jayaswal Neco Industries - Products List.exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.jhllogistic.com
Port: 26
Username: sunny@jhllogistic.com
Password: jhlsunny168
Targets
Target: Jayaswal Neco Industries - Products List.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext