General
-
Target
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04.zip
-
Size
16KB
-
Sample
220930-23cdwsgahq
-
MD5
2ada0f10773efb6a25b3be1dd1326c68
-
SHA1
998a622a13f23a8cc5c4195c731fe1c032352f7a
-
SHA256
ad732770d35cd2619b05588bc0f016e3015cd45ed5e97dd5b61eb61acd4c1e88
-
SHA512
dfffe9af22d945cd42ce584cf94e0a4eda1f1ae3dcc7c8c96e95237304c14871267cfe4110f71045c61b8b74d44aa2f4775c7c114a5b8da851ab14cdff611498
-
SSDEEP
384:CZ9cuOUI95mhREa4Kkwmcd/4tWlr9clyZ7n:MaF9kREaZkTKAg0yhn
Static task
static1
Behavioral task
behavioral1
Sample
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04.pps
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04.pps
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://bitbucket.org/!api/2.0/snippets/tinypro/rEG58e/000e903c314ad0a34dfaac0751c43024bbf2dadd/files/blessed2.txt
Targets
-
-
Target
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04.ppt
-
Size
102KB
-
MD5
b47c0f0957935cfc3c27337b8f117d75
-
SHA1
1228ae88cfc7a2a80506cd2e4fb14f22a5f8d76c
-
SHA256
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04
-
SHA512
208edf3bf8dfb38d738a86db7a240c0ad985ed14b8f58435bcd945d4ca7904469c60bdcb3fb53f91d9f8d91d47c68b5ef26941b44cdb986959cc9e59e907e50e
-
SSDEEP
768:kf9BcTRDkSIOd0Xg4JbvsyEVK3/L1U82cY3/A5jEcjo:kutY1OmvsyEVKvL1U0WA5js
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Snake Keylogger payload
-
Blocklisted process makes network request
-
Registers COM server for autorun
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-