General
-
Target
a2cf7ced81d8b20db6f07681ce59c87c004c8716075b2fa69c92eafacb05fe2e
-
Size
247KB
-
Sample
220520-3b3bnsbegj
-
MD5
d7924698354902050aefab7660563fbf
-
SHA1
1199e08b0663e67f235f18c78eed4efee9ab6b73
-
SHA256
a2cf7ced81d8b20db6f07681ce59c87c004c8716075b2fa69c92eafacb05fe2e
-
SHA512
c7169a39e4161b1caa710f3cf20ce975f7c101939ecab0f72965d52b23868892ea3754d533dd455bd5713ccd8f35e8849f57dd9f63cdb8845baa1216d8006a3a
Static task
static1
Behavioral task
behavioral1
Sample
Bank Transfer Form -pdf- .exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Bank Transfer Form -pdf- .exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.sapgroup.com.pk - Port:
587 - Username:
[email protected] - Password:
moin@26919
Targets
-
-
Target
Bank Transfer Form -pdf- .exe
-
Size
285KB
-
MD5
2978510bf17fa0d135d00fe79ef89a1f
-
SHA1
50841350fd090699d25b377fb80fb9f4fa124cc4
-
SHA256
f92b54d3c97015bf592fc80c6a7cea7eed7d35d423fbbb612e84bb91c92b8320
-
SHA512
abec9aa7d06110e426119148b3993384eecfc527460bcb6e14f8274733192349175b831117578ebb2ddb54904c498bb54c94303b6e68229be2e7110dd47f6476
Score10/10-
404 Keylogger Main Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-