General
Target: Payment Advice MT103.exe
Size: 985KB
Sample: 211208-sy76bsgah8
MD5: 511fd1d71605cd767ec7451115334d12
SHA1: 22146c2fcdc631ba123c5cdf9dcb0274d396e6c0
SHA256: 373d671d67d3bbe40cdf157b738114a6940ff2cdaa569bd0056af27f63d58a71
SHA512: 0f8cd0d5fc8968ad976379d38eee4ef535d0c759cac4b0933ad8e47f210482d27f8a12bd0d90c12cc2f427375265c39f4127757fb9cadae248cc98f1e9903fb8
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice MT103.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Payment Advice MT103.exe
Resource: win10-en-20211208
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Target: Payment Advice MT103.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext