General
-
Target
430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3
-
Size
1.4MB
-
Sample
220708-aenngahfhp
-
MD5
19985d9cf3390bfd2b4365a4c2626498
-
SHA1
91c3f560a072a648d30d1fbcddc41f0c55379bbb
-
SHA256
430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3
-
SHA512
871d9577cc1b16e8ba70c8ad796cac075061390c4760aff7ea6b09b034e3bf66cba757c54f6bc01fbe41d0d06a0ae636c376c25e731531490485af588348fadf
Static task
static1
Behavioral task
behavioral1
Sample
430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
silverlinehospital.in - Port:
587 - Username:
[email protected] - Password:
Bukky101@
Targets
-
-
Target
430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3
-
Size
1.4MB
-
MD5
19985d9cf3390bfd2b4365a4c2626498
-
SHA1
91c3f560a072a648d30d1fbcddc41f0c55379bbb
-
SHA256
430b70e01fbcbd7a9bc603e708d94c45dbff0ffbe7d49fe77fc7e27651d788e3
-
SHA512
871d9577cc1b16e8ba70c8ad796cac075061390c4760aff7ea6b09b034e3bf66cba757c54f6bc01fbe41d0d06a0ae636c376c25e731531490485af588348fadf
Score10/10-
Phoenix Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-