General
Target: Bank Details.pdf.exe
Size: 941KB
Sample: 211208-sy9ddshdbj
MD5: f6364d9a25ab4da10cdb824f176369ae
SHA1: 28bbfe91585b104e1791232ca913d1c85ed2598c
SHA256: 7eb7635b0fbd7875fddaf9cf4b5c338fe936a8dd699166ce7c61fc693d906bb6
SHA512: 9baf9d340a64a6846fd8d1b61ea4f3d187391300354b6dce67f7e0851510a18e9d42ded6b87997064e52f0d133db46383de13d7099362c81e7722ec7b42e6205
Static task: static1
Behavioral task: behavioral1
  Sample: Bank Details.pdf.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: Bank Details.pdf.exe
  Resource: win10-en-20211208
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.agc.com.sa
Port: 587
Username: vijayakumar.singh@agc.com.sa
Password: admin@admin$$
Targets
Target: Bank Details.pdf.exe
Score: 10/10
Signatures:
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext