General
-
Target
88160011B.xlsx
-
Size
39KB
-
Sample
220705-pffrkshadq
-
MD5
9add119c83c891469f6aacf6e1128544
-
SHA1
f87dceb2802e8e10eb36b4a913da50529901ac34
-
SHA256
496f836f4de8ae952cd6749a0d8ada4d53e8095b38032b9e1b526b025ce3081d
-
SHA512
1525620e45e55f5b8798d98694283692e2729a969b4b2d458b136b77199cf2dc0520e34c45e566afbe23b587b0057600680cef8d7df8d1f8b410763ac45e8488
Static task
static1
Behavioral task
behavioral1
Sample
88160011B.xlsx
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
88160011B.xlsx
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.stilltech.ro - Port:
587 - Username:
office@stilltech.ro - Password:
eurobit555ro - Email To:
graceunlimited153@gmail.com
Targets
-
-
Target
88160011B.xlsx
-
Size
39KB
-
MD5
9add119c83c891469f6aacf6e1128544
-
SHA1
f87dceb2802e8e10eb36b4a913da50529901ac34
-
SHA256
496f836f4de8ae952cd6749a0d8ada4d53e8095b38032b9e1b526b025ce3081d
-
SHA512
1525620e45e55f5b8798d98694283692e2729a969b4b2d458b136b77199cf2dc0520e34c45e566afbe23b587b0057600680cef8d7df8d1f8b410763ac45e8488
Score10/10-
Snake Keylogger Payload
-
suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-