General
- Target: 88160011B.xlsx
- Size: 39KB
- Sample: 220705-phvnhsahh2
- MD5: bb45f31acbfa03dcf30c1ef037a607e2
- SHA1: 4539a5f55990c8490f39d0724e372ba66bdbf903
- SHA256: 4da0fa732b3cb2b77f92db9ed169eae7606d5646aa38dbaf9667565556b3e223
- SHA512: 5290df186c6312a68bb81429a19bb8eee06b71bdbe5b9d7e1ebc4ceca87ef7021d463b2a38f1e9388859fc63a6bd112e6f3f358ff251f0ffdae8e9ffd420bf62
Static task
- static1
Behavioral tasks
- behavioral1: Sample 88160011B.xlsx, Resource win7-20220414-en
- behavioral2: Sample 88160011B.xlsx, Resource win10v2004-20220414-en
- behavioral3: Sample decrypted.xlsx, Resource win7-20220414-en
- behavioral4: Sample decrypted.xlsx, Resource win10v2004-20220414-en
Malware Config
Extracted
- snakekeylogger
- Protocol: smtp
- Host: mail.stilltech.ro
- Port: 587
- Username: office@stilltech.ro
- Password: eurobit555ro
- Email To: graceunlimited153@gmail.com
Targets

Target: 88160011B.xlsx
- Size: 39KB
- MD5: bb45f31acbfa03dcf30c1ef037a607e2
- SHA1: 4539a5f55990c8490f39d0724e372ba66bdbf903
- SHA256: 4da0fa732b3cb2b77f92db9ed169eae7606d5646aa38dbaf9667565556b3e223
- SHA512: 5290df186c6312a68bb81429a19bb8eee06b71bdbe5b9d7e1ebc4ceca87ef7021d463b2a38f1e9388859fc63a6bd112e6f3f358ff251f0ffdae8e9ffd420bf62
Score: 10/10
- Snake Keylogger Payload
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: decrypted
- Size: 35KB
- MD5: 3910d5d3b292f25def60bb76fbf17f9a
- SHA1: 0f0fbab3541b7f82cf95f207293a5c0e1935f115
- SHA256: 1edcbce9fb67ee7b09caf7a75f2f5d55ef61e3238d265b1e25fa78b8aaeb30e5
- SHA512: dc800cbbfedf12c57128e198c9b0d662dc680cda47159753e79914d688c7de7b177d9fc9c95b46afd9379edb2976ccb538e1c6d813e99f80c51595388e03c931
Score: 10/10
- Snake Keylogger Payload
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext