General
-
Target
8083596121.zip
-
Size
17KB
-
Sample
220930-rtesjsefhq
-
MD5
2e238f7fd5a3e1cc0adc5353e28693f4
-
SHA1
53a4823b8476bba58f3c26da8a9295bf61d7492b
-
SHA256
1b610303b3b37043421130f30b024aaff816b8f8de214a98e7d1ea1b6197e8ed
-
SHA512
99d7b6ef8e191753ee7dbfaaefd1c9fb8d9c40dade89f077736dea1da8aa42b56987ab4627f3a575cacd7c9180c0c0c58aa7c94d02466bdb4ed2df240cffd128
-
SSDEEP
384:Dwl8DznTymTriUvjkMOe2NsH3ErKr7Ycvh3GLjWNgnjojBjinJ:vzLTPZl240rtIhWPWNWjSjYJ
Static task
static1
Behavioral task
behavioral1
Sample
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04.pps
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04.pps
Resource
win10v2004-20220812-en
Malware Config
Extracted
https://bitbucket.org/!api/2.0/snippets/tinypro/rEG58e/000e903c314ad0a34dfaac0751c43024bbf2dadd/files/blessed2.txt
Targets
-
-
Target
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04
-
Size
102KB
-
MD5
b47c0f0957935cfc3c27337b8f117d75
-
SHA1
1228ae88cfc7a2a80506cd2e4fb14f22a5f8d76c
-
SHA256
ae4932402776b79b18dac096d0afdcc986f7bef1459bfb9bb5675f2b074d8e04
-
SHA512
208edf3bf8dfb38d738a86db7a240c0ad985ed14b8f58435bcd945d4ca7904469c60bdcb3fb53f91d9f8d91d47c68b5ef26941b44cdb986959cc9e59e907e50e
-
SSDEEP
768:kf9BcTRDkSIOd0Xg4JbvsyEVK3/L1U82cY3/A5jEcjo:kutY1OmvsyEVKvL1U0WA5js
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Snake Keylogger payload
-
Blocklisted process makes network request
-
Registers COM server for autorun
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-