General
-
Target
c66e852871402c8790e733a2c84a9490b8906b6769788135cf886fd905c6e2a3
-
Size
737KB
-
Sample
220521-mmrrbacae3
-
MD5
4f1225c09bc1e748023467f65705eac5
-
SHA1
62d9b7ac58832f2b40d624cf7cc06717e1a39229
-
SHA256
c66e852871402c8790e733a2c84a9490b8906b6769788135cf886fd905c6e2a3
-
SHA512
e2324f74f65d0eb137fa05e10d178a48130c06507e743181ed59b7e30efc5f2ab15c0298dbb15335fe36d89462a14726acfba7b50954ac4e3c9db59206f3c4e2
Static task
static1
Behavioral task
behavioral1
Sample
TAJ ALKHIRRAT PO NO102018REV1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TAJ ALKHIRRAT PO NO102018REV1.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
TAJ ALKHIRRAT PO NO102018REV1.exe
-
Size
1.2MB
-
MD5
ccf45a5db4f9a66a753bf814773cedb5
-
SHA1
22eef3d62696cf9c54705ff46fc3a4e242496013
-
SHA256
20f915f2da2ed5058de670c17dde36d863699fdca9a64edfcfb4e1dd9db46b39
-
SHA512
2bef1995fd50aad2a0a96d4a33b71747bd7fc676cc66cd5628557ed63027ffa7893fe959914306684a8c4d9d1005f9d04b02fae86ceb381910df8b38bc757eda
Score
10/10
-
404 Keylogger Main Executable
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-